WARNING: Netflix Email Scam
There have been warnings about fake Netflix emails circulating for a while, but late last year we received one ourselves and it was too scary for us to not share.
The email has the subject line ‘Netflix Membership on Hold’ and states that the recipient needs to visit a verification page to prevent their Netflix membership being suspended. Clicking the link and entering your information can pose a significant risk to your personal details.
Here’s a summary of how the Netflix scam works from ACMA.gov.au:
- When you ‘sign in’, the fake website feeds the username and password to the real Netflix website, and if the login details are correct, retrieves your first and last name. If the details are incorrect you will receive the normal login error message and be prompted to enter your correct details.
- The next page shows an ‘account verification’ form. The first and last name fields are pre-populated with data obtained from the real Netflix site, reassuring you that the website is ‘genuine’.
- After you fill out the rest of the fields with your billing address, date of birth and mobile number you are prompted to share your credit card details.
- At this point, the fake website begins to dynamically change. It will identify your bank based on the credit card number and then ask for additional authentication by using ‘MasterCard SecureCode’ or ‘Verify with Visa’ boxes, for example.
This type of scam isn’t unique to Netflix – with just some minor code modifications, the scam can be repurposed to target users of other popular online services.
Here’s a copy of the email we received – the ‘from’ address is the same as authentic Netflix communications, and it wasn’t flagged as spam or junk in our inbox. It nearly had us fooled for a second!
So if scam emails are this convincing, how can you keep yourself safe?
- Always check the URL (web address) of the link to see if it matches the real URL for the site. Make sure you know how to do this when using your phone as well, as the URL of the website might not be as readily available.
- Use a unique password for each of your online accounts and subscriptions, and change it regularly.
- Don’t open emails from unknown or suspicious senders; delete them straight away.
- Never follow links included in suspicious messages, and don’t open attached files.
- Set up two-factor authentication on your accounts when possible (this means a second piece of information is required on top of your password to sign in to your account, e.g. a code being texted to you). Check out our blog post here for more info on two-factor authentication.
Scams like this are getting more convincing by the day, and it’s truly scary to know what they can do if they get hold of your information. If you’re ever unsure whether an email asking for information is real or not, delete it straight away – it’s better to be safe than sorry!
Let us know if you’ve encountered this email or any others lately, and be sure to keep your inboxes safe!