Beware this Netflix scam

A new email scam targeting Netflix members seeks to steal personal information of the company’s subscribers, potentially raising the risk of identity theft for 110 million people.

Here’s what to do. Watch for this subject line in your inbox: “Your suspension notification.”

The email message begins, “We were unable to validate your billing information for the next billing cycle of your subscription therefore we’ll suspend your membership if we do not receive a response from you within 48hours.”

The email phishing scam goes on to dangle the hook: “Obviously we’d love to have you back, simply click restart your membership to update your details and continue to enjoy all the best TV shows & movies without interruption.”

Do not click on the link, which is designed to take you to a fake website. Subscribers who click on the link and provide their personal information could put themselves at risk of identity theft.

The phony email contains typographical and punctuation errors—“48hours,” for instance—which can be common in scams seeking to trick recipients into providing sensitive information.

But the current email scam appears to be visually accurate, with a strong resemblance to a real Netflix landing page. That could make it convincing for some subscribers.

Here’s some of the information the phishing scam seeks to gather:

  • Log-in credentials: User name and password.
  • Updated personal information: Includes name, date of birth, address, and telephone number.
  • Updated billing information: Includes credit card number and details.

Responding to the email scam, Netflix issued this statement on Nov. 6:

“We take the security of our members’ accounts seriously and Netflix employs numerous proactive measures to detect fraudulent activity to keep the Netflix service and our members’ accounts secure,” the company said in its statement. “Unfortunately, scams are common on the internet and target popular brands such as Netflix and other companies with large customer bases to lure users into giving out personal information.”

Here are a few steps to take if you think you may be the target of a phishing scam.

  • Confirm the sender: Click on the downward arrow next to the sender’s name. This will show the full details.
  • Hover over links: This shows the full URLs. Check to see if they appear to be accurate.
  • Go directly to your account: Don’t click on links. Go directly to your account on the legitimate website to review your personal information and make any changes.
  • Use strong passwords: Passwords should use a combination of letters, numbers and special characters. Be sure not to reuse them on other websites. Change your passwords periodically.
  • Watch out for pressure tactics: Be cautious towards any email message that urges you to act quickly.
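
The sender, link and pressure-wording checks in the list above can also be run automatically when triaging reported mail. The following is an added example, not part of the original article; the expected domain `netflix.com`, the sample message and its `.example` hosts are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

EXPECTED_DOMAIN = "netflix.com"  # assumption: the brand's legitimate domain
# Pressure wording quoted in the article ("suspend", "within 48hours", ...)
PRESSURE = re.compile(r"suspend|within\s*\d+\s*hours|unable to validate", re.I)

class LinkCollector(HTMLParser):
    """Collects every <a href>, i.e. what hovering over a link would reveal."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def on_domain(host, domain):
    # Exact match or true subdomain; "netflix.com.evil.example" does not pass.
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def triage(raw):
    """Return a list of red flags for a single-part HTML message."""
    msg = message_from_string(raw)
    findings = []
    _, addr = parseaddr(msg.get("From", ""))
    if not on_domain(addr.rpartition("@")[2], EXPECTED_DOMAIN):
        findings.append("sender domain mismatch: " + addr)
    body = msg.get_payload()
    parser = LinkCollector()
    parser.feed(body)
    for href in parser.hrefs:
        host = urlparse(href).hostname
        if not on_domain(host, EXPECTED_DOMAIN):
            findings.append("link leaves expected domain: " + str(host))
    if PRESSURE.search(msg.get("Subject", "") + " " + body):
        findings.append("pressure wording")
    return findings

# Constructed sample modelled on the wording quoted in the article.
SAMPLE = """From: Netflix <support@billing-update.example>
Subject: Your suspension notification
Content-Type: text/html

<p>we'll suspend your membership if we do not receive a response from you within 48hours.</p>
<a href="http://netflix.com.account-restart.example/login">restart your membership</a>
"""
```

A matching From domain is not proof of legitimacy, since that header can be forged; an empty result means no red flags were found, not that the message is safe.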