If you recently received an email from Netflix asking you to update your subscription information, you’re not alone. In fact, you’re one of the millions of Netflix members being targeted in a new email scam.
What is the Netflix email scam?
On 3 November, Australian cybersecurity firm MailGuard detected a malicious scam in which Netflix subscribers were receiving emails threatening to suspend their accounts if they did not update billing information.
The worst part? According to MailGuard, the emails were extremely well-designed and used a template system to generate individualised messages with specific recipient data. The result is a generic body that invites members to restart their account with a sender field that is designed to display the name of the intended victim.
In a few instances, however, the template was faulty and was unsuccessful in merging the recipient field. Instead of displaying the Netflix account holder’s name, the email was incorrectly addressed to “#name#”.
This error doesn’t detract from the scam’s sophisticated design. The message sent from “Netflix” (scammers) informs subscribers that their Netflix billing information is invalidated and asks them to update account details. A link at the end of the message titled “Restart Membership” will direct users to a fake Netflix website.
You will be asked to login and then enter personalised information, such as your address, birthdate and credit card details. Once the sensitive data has been collected, the fake website will display a reactivation screen, reassuring members that their memberships have been successfully updated.
MailGuard has revealed that the imitation Netflix website was constructed by hackers who broke into Wordpress blogs and took advantage of vulnerabilities such as blog plugins. Once inside, the scammers constructed a website that is strikingly similar to the Netflix login page.
Despite the similarity, Netflix confirmed in a statement to ABC News that the email is in fact a scam, citing that “unfortunately, scams are common on the internet and target popular brands such as Netflix and other companies with large customer bases to lure users into giving out personal information”.
According to its security page, Netflix will never ask for sensitive information to be sent over email and advises its members to be aware of possible phishing attempts.
How to avoid becoming a victim of the Netflix scam
We’ve seen in this recent Netflix email hack how far that some phishers will go in deceiving you to hand them over sensitive information - which they in turn will use to commit theft or steal your identity. Fortunately, there are a number of ways to avoid phishing attempts, starting with how to identify them.
Firstly, always check that an email comes from the actual sender by hovering your mouse over the sender’s name. Ignore the “sender” name, and instead focus on the email address that the sender is using. The email address should include the domain that the email content is pointing to. If it appears to be an unfamiliar domain, avoid it.
Another option is to log into your account and scan for any messages with similar requests to those you may have received in an email. If your account looks as normal as ever, it may be the case that you have received an email from a phisher. You can also contact the company in question to inquire about your account details.
Lastly, if you're uncertain in your ability to discern suspicious emails, consider downloading or purchasing email and web filtering systems, such as SPAMfighter Pro, Mailwasher Pro or ChoiceMail One.