Two ongoing phishing campaigns are targeting Netflix and American Express (AMEX) customers to steal credit card and Social Security information, the Office 365 Threat Research team discovered over the weekend.

As detailed by the Windows Defender Security Intelligence team on Twitter, "Two massive, still-active phishing campaigns targeting Netflix and AMEX emerged over the weekend, the Office 365 Threat Research team has discovered. Machine learning and detonation-based protections in Office 365 ATP protect customers [from] both campaigns."

The phishing campaign targeting Netflix customers redirects its victims to a realistic-looking downloadable form designed to collect and exfiltrate credit card information (card number, expiration date, bank name, PIN, and security code) and billing information (name, e-mail, SSN, address, phone, and date of birth).

The Netflix phishing campaign uses a "Your account is on hold" subject line meant to create a sense of urgency, so that victims are more likely to make mistakes and less careful when entering sensitive information into the data theft form.

Netflix phishing campaign

The phishing campaign designed to steal sensitive info from AMEX customers "uses a generic 'Notice Concerning your CardMember Account' message," telling recipients in the e-mail that the bank has already blocked access to their card member profile and that they need to confirm their records by "downloading and filling out the form."

The AMEX phishing form requests both personal info (mother's maiden name and place of birth) and credit information (card number, expiration date, PIN, and security code) but, more interestingly, it also asks for the customer's user ID and password.

AMEX phishing campaign
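The two lures described above can be turned into a mail-triage check. This is an added example, not code from the article or from Microsoft: it flags a message only when one of the quoted subject lines is combined with an HTML form that asks for two or more kinds of secret. It assumes the form arrives as an HTML attachment; the regexes, function names and sample message are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from html.parser import HTMLParser

# Subjects and data categories come from the article; the regexes are assumed.
LURES = ("your account is on hold", "notice concerning your cardmember account")
SENSITIVE = {
    "card": re.compile(r"card.?(num|no)|cvv|security.?code|expir"),
    "pin": re.compile(r"(^|[^a-z])pin([^a-z]|$)"),
    "ssn": re.compile(r"ssn|social.?security"),
    "login": re.compile(r"passw|user.?id"),
    "identity": re.compile(r"maiden|birth"),
}
SAMPLE_FORM = ('<form><input name="card_number"><input name="pin">'
               '<input name="user_id"><input name="password"></form>')  # constructed

class InputLabels(HTMLParser):
    def __init__(self):
        super().__init__()
        self.labels = []  # name/id/placeholder text of each <input>
    def handle_starttag(self, tag, attrs):
        if tag == "input":
            a = dict(attrs)
            self.labels.append(" ".join(
                a.get(k) or "" for k in ("name", "id", "placeholder")).lower())

def requested_categories(html):
    parser = InputLabels()
    parser.feed(html)
    return {cat for cat, rx in SENSITIVE.items()
            if any(rx.search(label) for label in parser.labels)}

def triage(raw_eml):
    msg = message_from_string(raw_eml, policy=policy.default)
    lure = any(s in (msg["Subject"] or "").lower() for s in LURES)
    forms = [p.get_content() for p in msg.iter_attachments()
             if p.get_content_type() == "text/html"]
    cats = set().union(*map(requested_categories, forms))
    return {"lure": lure, "categories": sorted(cats),
            "flag": lure and len(cats) >= 2}  # lure + 2 kinds of secret

def build_sample(subject, form_html=None):  # constructed test message
    m = EmailMessage()
    m["Subject"], m["From"] = subject, "notice@example.invalid"
    m.set_content("Download and fill out the attached form.")
    if form_html:
        m.add_attachment(form_html, subtype="html", filename="form.html")
    return m.as_string()
```

Requiring both signals keeps a legitimate "account on hold" notice without a form, or an unrelated message that happens to carry a form, from being flagged on one signal alone.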

As detailed by Microsoft in the Security Intelligence Report (SIR) Volume 24, phishing attacks increased by 250% between January and December 2018, with malicious actors changing points of attack within a single campaign and rotating through multiple URLs, servers, and domains to host phishing forms and send e-mails.

Phishing attacks also continued to be the most popular attack technique utilized by crooks as part of multi-stage malicious campaigns that drop a large variety of malware strains on their victims' computers.