“Smart” Netflix Phishing Scam Targeted Over 50 Million Users

A new Netflix phishing scam is targeting more than 50 million subscribers – a number that is expected to grow to 62 million by 2020 (Source: Benzinga). The email mimics an official message from the popular streaming service. The message claims that the user’s account has been disabled because their billing information is not valid. The user is required to click the “Login Now” button within 48 hours to re-enter payment information to restart membership.

What’s different about this phishing email?

Look at the salutation field. In the past scammers used generic names like “Account holder”, “User”, “Subscriber”, etc. Now, in an effort to outwit anti-virus, anti-malware, and spam-sniffing software plus look more legitimate, scammers are using a merge codes to add the name of the user to the email. Today it is easy to find the name, social security number, address, and more through social engineering.

Once the user clicks on the link in the email, they are taken to a link that prompts them to enter their new payment information. The link is managed by scammers who then steal the money and use the payment information for future charges and potentially identity theft.  Below is the phishing email that is showing up in the inboxes of Netflix users:

Netflix Phishing Email

Sources: BBB North Alabama, Benzinga, Netflix, Wired.com, Today.com

If you receive a suspicious email or text message, Netflix urges users to never enter login or financial details, to not click on any links or open attachments, and to not reply back to the communication.

To check the status of your account, Login to Netflix directly using a trusted link associated with any unsolicited email.

For more details, go to  THE DEVIOUS NETFLIX PHISH THAT JUST WON’T DIE and Netflix users beware: ‘Well-designed’ scam aims to steal your credit card info . To report a scam, go to the BBB Scam Tracker. To find trustworthy businesses, go to https://www.bbb.org/northern-alabama/.