There’s a new and clever phishing scam designed to collect your Netflix credentials and credit card information. Not only does the email look like it came from Netflix, the greeting may also include your name. But stop right there! Just because it looks legitimate doesn’t mean it is. Here’s what to watch out for:
The email explains that your membership will be suspended due to a billing issue if you don’t respond within 48 hours. A link and button are provided to “restart your membership.” Clicking takes you to what appears to be a Netflix login page where scammers can collect the username and password you enter…but it doesn’t stop there.
The next page allows you to “Update Your Billing Information,” where the scammers can collect your full name, date of birth, and billing address. Finally, you’re taken to the “Validate Your Payment Information” page, where cyber criminals want you to enter your credit card information. This scam is so well-designed that it even takes you to a confirmation page once you provide the information requested!
From start to finish, the entire scam looks legit—on the surface, anyway. Here are all the red flags using screenshots from Mailguard.com.
Red Flag #1: Urgency and a deadline of 48 hours
Red Flag #2: Note that the URL on the login page is NOT on the Netflix.com domain.
Red Flag #3: Netflix should already have the information on this screen—moreover, if it needed to be confirmed, the screen should be populated with something other than blanks.
Red Flag #4: Again, Netflix should already have payment information on your account. The screen should be populated with something other than blanks.
Red Flag #5: This is a clever trick to put you at ease that all is on the up-and-up. Don’t be fooled! Notice the red “Sign Out” link on the upper right of each page? The real Netflix site has your first name and the icon you selected for your profile in this area on most pages when you’re signed into your account.
Tips to avoid scams like this
We’ve talked about spotting phishing scams before, but here are some simple tips:
- Hover over any links/buttons in emails to confirm the destination URLs.
- If you receive an email about suspension or a billing issue from a company with which you do business, be wary! Urgency (especially with a short deadline) is a red flag. This tactic is commonly used to get you to skip your standard security steps and act immediately.
- The best way to avoid being caught in a scam is to not click links from emails. Instead, manually type the URL into your browser (e.g., www.netflix.com).
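- Before entering login credentials on any website, make sure the site is secured with https://. The “s” in “https” means your connection to the site is encrypted; it does not prove the site is genuine, so check the domain name as well (see Red Flag #2).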
Additional resources
- Netflix – How can I keep my Netflix account secure?
- USA Today – Netflix subscribers target of ‘relatively well-designed’ email scam (video)
- Wired – The Devious Netflix Phish That Just Won’t Die
- SC Media – Double plot twist: Another phony Netflix email turns out to be phishing scam
- Mailguard – New Email Scam Using Fake Netflix Website