How to Spot the Latest Netflix Phishing Scam

Screenshot: David Murphy

Everyone loves Netflix, especially when they don’t have to pay for it. That’s why you’re sharing someone else’s account, right? Well, scammers love free Netflix, too, and a new phishing attack could get you to give up your precious user name and password, as well as other critical information you wouldn’t want others to have.

It all starts with an email

As Armorblox describes, this new Netflix phishing attempt starts with a simple email from “Netflix Support.” It tells users that there’s something wrong with their billing details, and they need to confirm these or risk having their Netflix subscriptions turned off the next day.

While I suppose the email sort of looks legit, and it’s not unheard of for a person to receive an email, say, when a credit card can’t be charged for a service for whatever reason, this kind of message should be a huge red flag for anyone. First off, Netflix wouldn’t just cancel your account after a day; they would cancel it as soon as your subscription runs out based on whenever you last paid — probably a month from your last charge, I’d imagine.

Second, don’t click on links in emails like these. Convenient as they may be, your best course of action is to pull up your web browser and type in the web address for said site or service. Open up your account settings yourself and see if everything looks fine; if a company was good enough to send you an email about an issue, and it’s legitimate, they’ll undoubtedly have flagged whatever the problem is within your account settings, too. (Believe me, they’re just as eager for you to get your payment details sorted out, to avoid service cancellation, as you would be.)

Give us all your information

If you click on one of the scammy links in the phishing email, you’re first taken to a CAPTCHA page designed to look like something on Netflix’s site: black background, red boxes, smooth white text, et cetera. This not only adds a little extra legitimacy to the phishing attempt — even though scammy sites can incorporate CAPTCHAs just as well as anyone else — but it also helps conceal the phishing attack’s final page, where you enter your account credentials, from various anti-malware services your email provider might use to help keep you safe.

Of course, if you looked at the URL of the site you were accessing, you would have blatantly seen that it wasn’t being hosted on any Netflix domain whatsoever. Still, there are plenty of people who don’t look at URLs when they’re clicking around the web, so it’s hard to count on that technique in this instance — even though it’s the easiest way to get a little more faith that the site you’re visiting might be legitimate.

Users who correctly solve the CAPTCHA are then taken to a very good lookalike page for Netflix. They cough up their logins, and are then asked to provide their full billing address, phone number, and payment details (including bank names and account numbers). That, again, is yet another red flag — if a service doesn’t ask you for certain information when you sign up, you shouldn’t give up that information when requested at some random future point. I mean, really. Why would Netflix ever need your bank account number?

Phishing scams usually have some good “tells”

This phishing scam has a lot of holes in it, but that’s the thing; these aren’t designed to entrap smart and clever people like you. They’re made for people who aren’t paying that much attention to the details of what they’re doing online, or people who are so terrified about the prospect of losing access to Nailed It! that they’re willing to give up their account details whenever asked. (I understand that feeling completely.)

The more you understand some of these red flags, the better-equipped you’ll be to handle the next phishing attack that comes your way — especially if it’s a bit smarter than this one. They include:

  • An email contains an odd sense of urgency for a website or service that you already paid to access for a set period of time.
  • An email’s sender doesn’t even come from the company’s domain: In this case, the phishing emails came from a “[email protected],” instead of something like, say, “netflix.com.”
  • You’re getting a random email about some account issue that’s never been an issue throughout the entire time you’ve used a site or service.
  • The URLs of any websites linked within an email don’t actually point to the company’s domain.
  • A website or service asks you to supply more information about your financial services or security than you were ever previously asked.
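As an added example that is not part of the original article, here is a small Python checker that applies three of the tells above (sender domain, link domains, urgency language) to a constructed sample message. The brand domain is assumed to be netflix.com; the sender and link hosts in the sample are made up, and the subdomain check is a deliberately simple one that treats only netflix.com and its real subdomains as the company’s own.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: only this apex domain and its real subdomains belong to the brand.
BRAND_DOMAIN = "netflix.com"

# Phrases that signal the manufactured deadline the article describes.
URGENCY = ("within 24 hours", "next day", "suspended", "immediately", "cancelled")


def is_brand_host(host: str) -> bool:
    """True only for netflix.com itself or a genuine subdomain of it.
    'netflix.com.evil.example' fails because it does not END with '.netflix.com'."""
    host = host.lower().rstrip(".")
    return host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN)


def phishing_tells(raw_email: str) -> list[str]:
    """Return the red flags found in a raw (single-part, plain-text) message."""
    msg = message_from_string(raw_email)
    tells = []
    _, sender = parseaddr(msg.get("From", ""))          # ignores the display name
    sender_domain = sender.rsplit("@", 1)[-1] if "@" in sender else ""
    if not is_brand_host(sender_domain):
        tells.append(f"sender domain {sender_domain!r} is not {BRAND_DOMAIN}")
    body = msg.get_payload() if not msg.is_multipart() else ""
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlparse(url).hostname or ""
        if not is_brand_host(host):
            tells.append(f"link host {host!r} is not on {BRAND_DOMAIN}")
    text = (msg.get("Subject", "") + " " + body).lower()
    if any(phrase in text for phrase in URGENCY):
        tells.append("urgent deadline language")
    return tells


# Constructed sample modelled on the email the article describes; not a real message.
SAMPLE = """\
From: Netflix Support <support@billing-alerts.example>
Subject: Your billing details need confirmation
Content-Type: text/plain

We could not verify your payment method. Confirm within 24 hours or your
subscription will be cancelled the next day:
https://netflix.com.account-verify.example/login
"""

if __name__ == "__main__":
    for tell in phishing_tells(SAMPLE):
        print("RED FLAG:", tell)
```

The sample link starts with "netflix.com" precisely to show why a host must be matched from the right-hand end rather than by prefix.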
