Sophisticated Phishing Scam Targets Netflix Users

September 20, 2018 4:04 pm Geraldine Strawbridge

Netflix users are being warned about a convincing new phishing scam designed to steal their personal banking details.

The Police and Action Fraud both noted a spike in reports about fake Netflix emails and have issued a warning for users to be extra vigilant.

Customers of the streaming service have been receiving emails claiming there is an issue with their Netflix account or that it has been suspended.

The email urges Netflix users to update their account details to solve the problem.

The email reads: “Update your payment information. We face some difficulties with the currently billing information of your own. We will try again, but please, at the same time, can you update your payment details.”

At the end of the email, users are instructed to click on a red button to update their account details.

Upon clicking the link, users are directed to what appears to be the official Netflix website, but it is in fact a fake phishing website set up to steal usernames, passwords and bank details.

Action Fraud released a statement urging Netflix users to be wary of the scam and not to respond to any suspicious emails. A spokesperson said: “Watch out for these fake Netflix emails. We’ve seen an increase in reports about fake Netflix emails claiming that there’s an issue with your account, or that your account has been suspended.

“Always question unsolicited requests for your personal or financial information in case it’s a scam. Never automatically click on a link in an unexpected email or text.

“If you think you have fallen for one of these scams, you should let your bank know as soon as possible and report it to Action Fraud.”

Despite the official-looking branding, there are a number of tell-tale signs within the email and website that point to a phishing scam.

The first warning sign is the poor grammar and spelling within the text of the email. Whenever legitimate companies send out emails to customers, they are often proofed by copywriters to ensure the spelling and grammar are correct. If you spot lots of mistakes within an email, it’s unlikely to have come from an official source.

Another warning sign is the URL used in the spoofed website. The official Netflix sign in page is prefaced by www.netflix.com. However, the one used by the fake site begins login.netflix. Fraudsters often stick as closely as they can to the real address of a website to trick as many users as they can into thinking they are on a legitimate site.
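The URL check described above can be automated by comparing a link's real hostname with the official domain. The following is an added example, not part of the original article or of any Netflix tooling; the function name is hypothetical and the sample URLs are constructed, using reserved test domains.

```python
from urllib.parse import urlsplit

BRAND_DOMAIN = "netflix.com"  # official domain named in the article
BRAND_WORD = "netflix"        # brand string a lookalike host borrows


def classify_link(url: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for a link target."""
    url = url.strip()
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare host as the netloc
    parts = urlsplit(url)
    # .hostname is lower-cased and excludes any "user@" prefix and port,
    # so it is the host the browser will actually connect to.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "unrelated"
    # Official only when the host IS the brand domain or a subdomain of it.
    if host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN):
        return "official"
    # Brand word in a host outside the brand domain, e.g. a host that
    # merely begins with "login.netflix".
    if BRAND_WORD in host:
        return "lookalike"
    # Brand word hidden in the userinfo part ("www.netflix.com@other-host").
    if BRAND_WORD in parts.netloc.lower():
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample links (reserved .test/.example domains).
    samples = [
        "https://www.netflix.com/login",
        "https://login.netflix.account-check.test/signin",
        "http://netflix.com.billing.example/update",
        "https://www.netflix.com@billing.example/update",
        "https://example.org/news",
    ]
    for link in samples:
        print(f"{classify_link(link):10} {link}")
```

A verdict of "official" says only that the host belongs to the expected domain; it does not vouch for the email that carried the link.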

Other warning signs to look out for include an urgent call to action, threatening language or any correspondence that appears out of the blue.

Phishing continues to be the most common form of cyber-attack due to its simplicity, effectiveness and high return on investment. With attacks against businesses almost doubling in the last five years, it’s vital that businesses take steps to ensure they are doing all they can to educate staff on the dangers of a phishing attack. Get in touch for further information on how our MetaPhish solution can help protect your business.