I have not yet seen phishing emails to Netflix, but since they do have
credit card info, I can't see them not occuring at some point. In
either case, it's a major website with a silly issue. As well, it can
look even more valid as it is a link to a secure site.
History:
Netflix was notified on Wednesday April 20, 2005. I got a form letter
back, no other response, and the issue is still there.
I again tried Netflix on 4/25. Customer Service response that the
email is being sent to the proper department. Issue still there.
4/28, I figured this was enough time for a fix or a response from the
"proper department" and reported the issue to BugTraq. Not fixed at
time of sending this.
Similar to the previously discussed issues with the eBay and Capital
One website, Netflix also has a redirect which can assist phishing.
https://www.netflix.com/redirect.jsp?target=http://dummy.site.com/
Or, it can be made even more obscure:
https://www.netflix.com/redirect.jsp?target=%68%74%74%70%3A%2F%2F%67%6F%
6F%67%6C%65%2E%63%6F%6D%2F
I have not yet seen phishing emails to Netflix, but since they do have
credit card info, I can't see them not occuring at some point. In
either case, it's a major website with a silly issue. As well, it can
look even more valid as it is a link to a secure site.
History:
Netflix was notified on Wednesday April 20, 2005. I got a form letter
back, no other response, and the issue is still there.
I again tried Netflix on 4/25. Customer Service response that the
email is being sent to the proper department. Issue still there.
4/28, I figured this was enough time for a fix or a response from the
"proper department" and reported the issue to BugTraq. Not fixed at
time of sending this.
Regards,
KM
[ reply ]