Netflix scam alert – If you get sent this e-mail do not click on it
Netflix customers are being sent a convincing-looking message as part of a “sophisticated” scam.
The e-mail features the streaming giant’s logo and even the sender is labelled as Netflix to make it appear more authentic.
The scam message has ‘payment declined’ in bold at the top and claims the customer’s payment details could not be processed.
It asks the Netflix user to update their credit card details and even encourages them to visit the official Help Centre for more help.
However, this is all a double bluff as the e-mail was not sent by Netflix but by cyber criminals.
The scam was discovered by cyber security experts MailGuard.
They outlined how, when victims click on the ‘update payment’ button in the scam e-mail, they’re directed to a new website.
In this portal Netflix customers are asked to enter their e-mail address, credit card number, the card’s expiry date and security code.
Describing the scam, MailGuard said: “MailGuard has detected a new zero-day phishing scam using fake Netflix branding.
“Netflix has become a favourite vehicle for email fraudsters.
“Their large customer base makes them a valuable target for brandjacking; cybercrime that exploits the trademarks of well-known companies to deceive victims.”
They added: “This sort of phishing scam allows cybercriminals to harvest victims’ credit card credentials. The phishing page is designed to operate like a legitimate login portal.
“It asks for card details and password verification, then ejects the scam victim to a real Netflix page to allay suspicion.”
Raj Samani, McAfee fellow and chief scientist, said the latest Netflix scam news was “extremely concerning”.
Speaking to The Independent, he said: “It is extremely concerning to hear that thousands of Netflix customers could have been hit by a somewhat sophisticated phishing scam.
“Yet, sadly it isn’t all surprising. Phishing attacks remain the most common method of manipulating individuals into clicking on links and ultimately installing malicious content onto their systems.
“Taking advantage of trusted, well-known brands attempts to leverage the use of authority, resulting in the incoming messages to appear trusted to the consumer.”
Netflix said on its official website that it would never ask customers for personal information over e-mail.
They said: “Never enter your login or financial details after following a link in an email or text message. If you’re unsure if you’re visiting our legitimate Netflix website, type www.netflix.com directly into your web browser.
“Never click on any links or open any attachments in an email or text message you received unexpectedly, regardless of the source.
“If you suspect an email or text message is not from Netflix, do not reply to it.”
Netflix users have been sent this scam e-mail
The news comes after MailGuard last year discovered another Netflix con.
The scam e-mail, which looks official and features Netflix branding, claims the streaming giant is about to suspend a user’s membership.
It says the receiver’s billing information has not been verified and if they do not get a response within 48 hours the account will be put on hold.
The scam e-mail is even tailored to make sure it’s addressed to the Netflix user by their first name, making it seem even more convincing.
There is a ‘Restart Membership’ button at the bottom of the e-mail which links through to a site that features the company’s logo and imagery for Netflix’s shows.
However, the site is built on a WordPress blog and is an elaborate scam to steal credit card details and personal information from victims.
Speaking last November, MailGuard said: “Once the fake website has collected all the sensitive data the scammers want, the victim is shown a reassuring ‘reactivation’ screen.
“If you receive an email from Netflix today, ‘Chill,’ but don’t click without thinking first.
“Scammers can make their fake emails and bogus websites look pretty convincing, so it’s always a good idea to check carefully that the email comes from the actual company domain and not a scammer.”