A new wave of phishing attacks is attempting to steal payment data and login credentials from Netflix subscribers, according to Bleeping Computer.

The actor behind these attempts used a “failed payment” theme to engage potential victims into the redirect chain leading to the phishing page.

The phishing page is a good impersonation of the original Netflix login portal but all the links just reload the same page. Also, the domain loading it, despite being legitimate, is a clear indication of a fake.

After typing in the credentials, another page loads, asking for a billing address and then for payment details (card number, expiration date, CVV, account number).

Victims falling for these tricks may not learn about the fraud until it’s too late as the phishing flow ends with a “success” message.

Apart from preventing defense systems from reaching the malicious page, the CAPTCHA also gives a sense of legitimacy to the communication. The URL has been taken down.