New wave of phishing emails is designed to steal Netflix users' identities
At the beginning of November, about 110 million Netflix users may have received an email that appeared to come from the streaming site, with the subject line “Your suspension notification.” The message urged recipients to update and validate their personal information, including credit card details. Security experts warn that this polished phishing campaign is used to steal victims’ identities, credit card information and other sensitive data.
MailGuard detected an example of the phishing email and warned Netflix users about the danger. Criminals put a lot of effort into creating a legitimate-looking campaign. They send individualized emails with the recipient’s name. The body of the letter is generic; however, seeing his or her name might make a victim fall for the scam.
However, the campaign did not go as well as planned. The letter does not include the name. Victims just see a “Hi #name#” greeting line, which should reveal that something is shady about this email. Still, not everyone pays attention to such small details.
“Restart membership” by revealing personal information to cybercriminals
The letter says that Netflix was unable to validate the user’s billing information in order to extend the subscription. Victims are urged to “restart membership” within 48 hours. The email includes a link to a fake Netflix website, which can also be recognized by its shady domain name.
When victims click the “Restart membership” button, they are not redirected to netflix.com. They end up on a compromised WordPress blog. However, if you do not look at the address bar, you might easily be tricked by the fake Netflix login page.
Once the victim logs in, the malicious site shows an “Update Your Billing Information” page that asks for the billing address, full name, date of birth and similar information. Next, users are redirected to a “Validate Your Payment Information” page that asks for the name of the credit card, card number, expiry date, security code, etc. Finally, the fake website says “thank you” and informs the victim about the “reactivated membership.”
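The two giveaways described above, the unfilled “#name#” greeting and a “Restart membership” link that does not lead to netflix.com, can be checked automatically when triaging a reported message. The following Python code is an added example, not part of the original article or of any Netflix or MailGuard tool; the sample message, its hosts and all function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND_DOMAIN = "netflix.com"               # domain the message claims to represent
PLACEHOLDER = re.compile(r"#[A-Za-z_]+#")  # unfilled merge field such as "#name#"

class LinkCollector(HTMLParser):           # collects the href of every <a> tag
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def is_brand_host(host):
    """True only for netflix.com itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN)

def triage(raw_email):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw_email, policy=default)
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    findings = []
    unfilled = PLACEHOLDER.search(body)
    if unfilled:
        findings.append("unfilled placeholder: " + unfilled.group())
    collector = LinkCollector()
    collector.feed(body)
    for href in collector.hrefs:
        url = urlsplit(href)
        if url.scheme in ("http", "https") and not is_brand_host(url.hostname):
            findings.append("link leaves %s: %s" % (BRAND_DOMAIN, url.hostname))
    return findings

# Constructed sample modelled on the message described above; hosts are placeholders.
SAMPLE = """\
From: Netflix <support@mailer.example>
Subject: Your suspension notification
Content-Type: text/html; charset="utf-8"

<p>Hi #name#,</p>
<a href="http://blog.example/wp-content/login/">Restart membership</a>
<a href="https://www.netflix.com/help">Help</a>
<a href="http://netflix.com.billing.example/">Account</a>
"""
```

The host comparison matches on a dot boundary, so look-alike hosts that merely contain the brand name are still reported.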
Netflix scams are popular among cybercriminals
The Netflix scam detected in November is not the first attempt by criminals to harm users of the streaming website. Security experts point to similar phishing attacks carried out in December and August 2016. Then, at the beginning of 2017, scammers launched another massive campaign.
In January, targeted Netflix users were asked to update their account information. Back then, crooks wanted not only login details, date of birth and credit card information, but Social Security Numbers as well. Therefore, users should stay vigilant and not trust every email that seems to be sent by a favorite streaming website.
Netflix knows about the issue and, in a statement to Mashable, said that the company “employs numerous proactive measures to detect fraudulent activity to keep the Netflix service and our members' accounts secure.”
The Netflix help page also gives users security tips to avoid possible phishing attempts. The company warns that it never sends emails asking for personal information, such as:
- Payment information (credit card number, debit card number, direct debit account, PIN, etc.).
- Social security number for US citizens (in any form), identification number, or tax identification number.
- Your account password.
Therefore, if you receive an email that asks you to validate your payment or account details, do not click any of the provided links, and report it to Netflix. Entering personal information on a suspicious site might lead to identity theft, money loss, and privacy-related issues.