Latest email scam targets Irish Netflix subscribers

ESET warns Irish Netflix users about a new wave of email scams

Netflix scam targets Irish Netflix subscribers

At the beginning of May 2018, ESET Ireland published a warning[1] claiming that Netflix service users are at high risk of getting professional-looking scam emails, which reports an expiring Netflix subscription. According to the company, the new Netflix scam is oriented to Irish Netflix subscribers in particular and aims at extorting people's credit card details.

You cancelation confirmation

We tried to renew your membership at the end of every billing cycle but the payment failed, so we had to cancel your membership.

Obviously, we'd love to have you back. If you want to renew your membership, simply click here to enjoy all the best TV shows & movies without interruptions.


We're here to help if you need it. Visit the Help Center for more info or contact us.

The Netflix Team

The message is titled as “Your cancellation confirmation” and contains a “Restart Membership” button, which once clicked redirects to a fake Netflix payment website, which asks the victim to enter the following information:

  • Name on card
  • Debit/Credit Card Number
  • CVV number
  • Expiration date
  • Address/city/country
  • Date of Birth
  • Phone number

If the potential victim falls for believing that his or her Netflix subscription has expired and submits the required information, web browser redirects to the actual Netflix website, so the victim may not even suspect being scammed.

Similar Netflix scams were circulating on the Internet before

Due to high subscription numbers, hackers quite often exploit Netflix and use it in phishing or scam attacks. As of April 2018, Netflix worldwide subscriptions totaled 125 million, including more than 300,000 Netflix subscribers in Ireland alone.[2] Therefore, the activity of Netflix scams[3] is not surprising. Up until now, the following versions of the scams have been registered:

  • “Special pricing for 25,000 subscribers”
  • “Unable to Bill Your Subscription”
  • “Your Netflix Membership Is About To Be Canceled”
  • “Free Netflix Subscription for a year”
  • “We've canceled your Netflix account”
  • “You cancelation confirmation”

Netflix scams are distributed in two ways, i.e., malicious spam emails or pop-up ads. In case of phishing emails, crooks may use spam bots[4] and automatically sent millions of Netflix-related emails that contain an infected link, while Netflix pop-ups are usually triggered by adware-type[5] programs. Anyway, falling into Netflix scam poses a high risk of money loss or identity theft.

Despite the fact that online community is aware of the Netflix scams due to their occurrence in the past, ESET Ireland asks people to be extremely cautious because the current scam campaign stands out from the crowd. As pointed out by company's spokesperson:

We’ve seen similar “Netflix scams” before, but the current seems to be even more advanced. The button links to a convincing looking fake Netflix website, complete with “https” with a padlock and an address that looks Irish and even a security certificate for the page.

Ukraine hackers seem to be behind the current Netflix Scam

ESET Ireland team was the first one that came across the new version of Netflix scam and took a quick pace to analyze it in details. According to the company, this new phishing campaign is far more advanced if compared to the previous ones.
Not only the message itself looks convincing. The link provided on it redirects to a fake Netflix website with HTTPS[6] known as secure connection and a security certificate, thus raising no suspicions to be fake.

Besides, a closer analysis of the source code initially pointed out to Norway as a source of the scam. However, it turns out that the developers of the Irish Netflix scam programmed malicious links redirecting to Norway, while the actual source of the scam is Ukraine.

Contact Netflix if you received scam emails

ESET Ireland informed N4etflix about a new wave of scam. Responding to the ESET foundings, Netflix team released an official report and warned its subscribers worldwide. Each person who received a scam email is urged to contact Netflix via immediately.

If, however, you fell victim to the Irish Netflix scam and exposed your credit card details to criminals, contact your banking service provider and ask them to suspend your account to prevent unauthorized transactions.

About the author
Linas Kiguolis
Linas Kiguolis - Expert in social media

Linas Kiguolis is one of News Editors and also the Social Media Manager of 2spyware project. He is an Applied Computer Science professional whose expertise in cyber security is a valuable addition to the team.

Contact Linas Kiguolis
About the company Esolutions