Netflix Email Scam Hits Fans With Hefty Price Tag

May 10, 2019

Netflix subscribers, 150 million in all, are being targeted with yet another email phishing scam. This time, customers receive a bogus email claiming to come directly from Netflix, with the subject line “Netflix Membership On Hold.” Netflix found its subscribers receiving phishing emails whose sole purpose is to steal a ton of PII (Personally Identifiable Information). Those lured into the scam gave up account details, including login and credit card information, and found their account costing much more than their monthly Netflix fee. Customers had their identities stolen and suffered considerable damage to credit cards and bank accounts.

The scam used a look-alike HTTPS domain that appears very convincing, even to those who examine the URL. Security standards have changed, allowing anyone to purchase a certificate for their site; yes, even criminals. So the old standard of looking for the HTTPS is gone. The new standard is to verify the company name to the left of the HTTPS.

Spotting phishing emails often takes a keen eye and a healthy dose of skepticism. The FTC issued a warning on their website about this latest Netflix scam, sharing their advice on email phishing with Netflix fans and others who may be caught in a phishing net.

- Better safe than sorry. Any email from Netflix or elsewhere asking you to confirm account details, especially when an attachment or link is involved, is suspect. The FTC suggests making a phone call to the sender to verify the email is legitimate, or getting the official website URL and going directly to the site. Never use phone numbers or URLs from the email, as hackers are waiting for your call on the other end.

- Examine the email for red flags. Bad grammar and spelling are giveaways, as are poor or shoddy graphics. In the Netflix instance, the greeting is a very odd “Hi Dear,” a huge clue that the email isn’t from a professional or legitimate source. Also, not having a Netflix account to begin with is perhaps the biggest clue of all. Don’t let curiosity get the best of you. If you don’t have an account, just delete the message.

- Never open attachments or follow links from emails you’re not expecting. Hackers infuse phishing emails with malware-filled attachments and bogus website links designed to steal PII. If you’re not expecting the email or have any doubts about the sender, delete the email immediately. You may also choose to alert Netflix or the FTC about the email, letting them know there’s an active scam going on.

- Use two-factor authentication (2FA) or multi-factor authentication (MFA). When offered, set another level of protection with an added identity factor. If a hacker gains access to your account, having another means to show that it’s actually you is strongly recommended. Having the provider send an authentication code to your smartphone or other device prevents hackers from accessing your account.

- Use anti-virus software and keep security patches and app versions up to date. Should you open a malware attachment, anti-virus should prevent it from spreading. Operating system and app updates should be installed immediately when available. The latest security issues and bug fixes are addressed with system updates and security patches.

Stickley on Security
Published May 6, 2019