A recent wave of phishing attacks aiming to steal payment card info and credentials for Netflix streaming service starts with a functioning CAPTCHA. The actor behind these attempts used a “failed payment”” theme to engage potential victims into the redirect chain leading to the phishing page. The attackers managed to easily bypass email security solutions by using a working CAPtCHA and hosting the fake page on hacked legitimate websites. Being cautious when asked to provide sensitive details and checking the domain loading the page should help users spot phishing attempts.”
Source: https://www.bleepingcomputer.com/news/security/netflix-credential-phishing-hides-behind-working-captcha/