It’s 2020. Everybody and their mother has Netflix by this point, which is why everyone should be vigilant in protecting themselves from a new scam. This one is pretty convincing — and an immense pain for anyone who falls for it.
This scheme comes in the form of an email.
According to Australian online security firm MailGuard, Netflix users are receiving emails that look almost exactly like the legitimate emails Netflix sometimes sends out. But these emails are a scam designed to extract payment information.
RELATED STORIES
Here’s what the email looks like.
While it looks like it’s coming from Netflix, it was actually sent from a single compromised email address. The body of the email suggests that users need to update their accounts as their “billing information has been modified.”
It makes things seem urgent.
The email warns users that if they don’t update their accounts within the next 24 hours, they could be suspended from watching more Netflix. It’s designed to get users to hand over their information quickly without thinking much about it.
What happens if you follow the link?
It takes users to this landing page, which looks just like a real Netflix site — branding for The Crown and all — but is, in fact, a phishing page.
This leads to another phishing page.
The previous page intercepts users’ login information, but the next page is the truly dangerous one, as it asks for credit card information. Anyone who enters their info here is giving it directly to scammers.
Next comes the three-step verification.
Three-step verification (the legitimate kind, at least) is one of the best ways to safeguard your online accounts. Scammers are using a fake three-step verification process to lure Netflix users into their trap.
…and it’s done!
The process is complete, and the scammers now have your information! It’s incredible how legitimate both the initial email and the fake Netflix site, appear to be on the surface.
Watch for the red flags.
While the fake pages have authentic-looking Netflix branding, there are a few tells that they’re fake, most notably typos — “Account Informations Update” and minor misspellings of that nature.
Netflix is frequently targeted.
Netflix is one of the most popular sites for scammers to target, likely because it has so many users — over 167 million , to be exact.
Be careful.
It’s crucial to exercise extreme caution when opening emails that say they’re from Netflix. If you need to update payment information, it’s best to do it from the Netflix site itself, rather than through following an email link.
h/t: MailGuard
