Hello, Similar to the previously discussed issues with the eBay and Capital One website, Netflix also has a redirect which can assist phishing. https://www.netflix.com/redirect.jsp?target=http://dummy.site.com/ Or, it can be made even more obscure: https://www.netflix.com/redirect.jsp?target=%68%74%74%70%3A%2F%2F%67%6F%6F%67%6C%65%2E%63%6F%6D%2F I have not yet seen phishing emails to Netflix, but since they do have credit card info, I can't see them not occuring at some point. In either case, it's a major website with a silly issue. As well, it can look even more valid as it is a link to a secure site. History: Netflix was notified on Wednesday April 20, 2005. I got a form letter back, no other response, and the issue is still there. I again tried Netflix on 4/25. Customer Service response that the email is being sent to the proper department. Issue still there. 4/28, I figured this was enough time for a fix or a response from the "proper department" and reported the issue to BugTraq. Not fixed at time of sending this. Regards, KM
