By Maya Cheung / April 5, 2021, 2:23 p.m.

Fresh Phishing: Netflix Email Scams

How Your Netflix Account Ended Up for Sale on the Dark Web
You’re sitting down for a relaxing evening of laughs, emotions, and adventure with your favorite characters. But suddenly, something is wrong with your Netflix account. How did your Netflix credentials end up on the dark web? Your personal and credit card information in unknown hands?

You trust Netflix with your time, money, and business, so why, then, is this beloved streaming platform trying to scam you? Well, Netflix, the company, is not. Instead, cyber attackers are posing as Netflix.

Why Is This Email Scam Happening?
You get dozens, sometimes hundreds, of emails a day from all the different accounts you hold with the subscriptions and services you use. From requests to confirm your email address to updates to the terms and conditions and account changes, these automated transactional emails are frequent and at times critical for service functionality. Therefore, it’s almost second nature to open them and complete whatever action or response is required.

However, it’s this force of habit that these attackers are capitalizing on to hack your account. With more than 158 million paid streaming subscribers worldwide, Netflix and other sizable companies are popular targets for cybercriminals, as there’s a high likelihood that many of the email recipients are Netflix subscribers.

These attackers try to impersonate Netflix with convincing emails and hope you aren’t paying close enough attention to notice the minor details that give them away--ultimately tricking victims into handing their personal information right to the scammer. This email scam technique is called phishing.

What Is Phishing?
Phishing is the fraudulent practice of sending emails pretending to be from reputable companies to induce individuals to reveal personal information. This is dangerous because the information can have serious consequences in the wrong hands, for example shared passwords or credit card numbers.
However, with such sensitive information on the line, you’d think victims would be overprotective and extra conscientious about where they’re sharing credentials. Furthermore, you may have received a scam email before and recognized it immediately, as the unknown address or spelling errors were a dead giveaway. Nevertheless, cyber attackers are adding more layers of sophistication to their phishing emails, as is the case with this Netflix phishing scam.

How Did the Netflix Scam Bypass Security and Trick Victims?
For one, the email itself has a convincing subject line, “Notice of Verification Failure,” and details an urgent issue with billing. The email asks users to verify their personal information within 24 hours to prevent their account from being canceled and then includes an “update account now” link.

As verification failures can, and do, actually happen at times, the premise is not out of the ordinary. Also, the prospect of getting cut off from your Netflix account due to invalid billing details may be incentive enough for users to hand over credentials inadvertently. However, the crucial part of the scam’s credibility is the link within the email.

The link takes the user to a functioning CAPTCHA page with Netflix branding. Once a victim correctly fills in the CAPTCHA information, they are sent to a Netflix lookalike site to fill in login credentials, billing address information, and credit card details. Finally, once the phishing flow is complete, targets are redirected to the actual Netflix home page.

The functioning CAPTCHA page makes the entire communication seem legitimate, along with the equally legitimate domains that hosted the pages used to orchestrate the attack. In addition, the use of the exact color scheme, logo, fonts, and popular images commonly found on Netflix pages further convinces the user that the email originates from the entertainment company.

How to Spot Phishing Emails
And yet, several components give the Netflix scam away--it’s just a matter of knowing what you’re looking for. Firstly, although the phishing site looks legitimate, if you click on any of its links, such as “need help” or “Sign up now”, the page simply reloads, and another obvious giveaway is that the URL does not read Netflix.com. Furthermore, the recipient isn’t addressed by name in the email, and while the sender title and photo may resemble Netflix Technical Support, the actual sender email address does not contain “Netflix.”
The Netflix scam is a clever attack, and it demonstrates how cybercriminals are evolving to evade security controls, with convincing tactics that successfully trick users. This Netflix email scam is not the first phishing instance, nor will it be the last--for Netflix and every other targeted company. Therefore, it’s crucial to remain alert: Always be suspicious of any email or text asking you to update personal or credit card information, and scan the details meticulously.

Check for spelling, grammar, and formatting errors. Hover over links to check URLs before clicking. We strongly recommend that you do not click on a link within any email that: fails to address you by name, appears to be from a legitimate company but uses poor English or omits personal details that a legitimate sender would include, or is from a business that you were not expecting to hear from or do not have an existing account with.

If you are still unsure, go to the site and log on or contact the company yourself, but look up their phone number or website directly--separately from the email. That way, you can be sure attackers aren’t trying to steal your details.

It’s also important to remember that most legitimate companies and services will “never ask you to enter your personal information in a text or email,” as Netflix explicitly states in its Phishing Help Center. This personal information includes credit or debit card numbers, bank account details, and Netflix passwords.

Lastly, you can take the extra step and report phishing scams by forwarding the phishing message, which alerts others and helps protect other possible victims. You can report it to the company itself, which may have a designated contact line or email for reporting, as Netflix does: [email protected], or even to the FTC here.
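The giveaways listed above (sender domain, link targets, missing personal greeting, urgency, and requests for card or password details) can be checked mechanically. The script below is an added example, not code from the original post or from Achilleion; the two messages are constructed samples, and the lookalike domain uses the reserved .example TLD rather than any real address.

```python
import re
from email import message_from_string, policy, utils
from urllib.parse import urlparse

LEGIT = {"netflix.com"}  # the brand's real domain, as the post notes
URGENCY = re.compile(r"within \d+ hours|will be cancel", re.I)
SENSITIVE = re.compile(r"credit card|debit card|bank account|password", re.I)
GREETING = re.compile(r"\b(?:dear|hello|hi)\s*(?:customer|user|member)?\s*[,!.]", re.I)
# Constructed samples; the lookalike domain uses the reserved .example TLD.
PHISH_EML = """\
From: Netflix Technical Support <support@netflix-verify.example>
Subject: Notice of Verification Failure
Content-Type: text/html

<p>Hello,</p><p>We could not verify your billing details. Please update your
credit card information within 24 hours or your account will be canceled.</p>
<a href="https://netflix-verify.example/update">update account now</a>
"""
LEGIT_EML = """\
From: Netflix <info@netflix.com>
Content-Type: text/html

<p>Hi Maya,</p><p>Your invoice is available in your account.</p>
<a href="https://www.netflix.com/YourAccount">View account</a>
"""

def registered_domain(host):
    # Crude registrable-domain guess (last two labels); fine for this demo.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def phishing_indicators(raw):
    """Return the giveaways listed in the post that appear in a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    found = []
    sender_dom = registered_domain(utils.parseaddr(msg["From"] or "")[1].rpartition("@")[2])
    if sender_dom not in LEGIT:
        found.append(f"sender domain {sender_dom!r} is not netflix.com")
    html = msg.get_body(preferencelist=("html", "plain")).get_content()
    for url in re.findall(r'href="([^"]+)"', html):
        host = urlparse(url).hostname or ""
        if registered_domain(host) not in LEGIT:
            found.append(f"link host {host!r} is not netflix.com")
    text = re.sub(r"<[^>]+>", " ", html)  # strip tags before the text checks
    if GREETING.search(text):
        found.append("generic greeting: recipient not addressed by name")
    if URGENCY.search(text):
        found.append("urgency: deadline or cancellation threat")
    if SENSITIVE.search(text):
        found.append("asks for card, bank or password details by email")
    return found
```

Running phishing_indicators on the constructed scam message reports all five giveaways, while the routine invoice notification reports none.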

What To Do If You Fall Victim to Phishing
If you are a phishing and email scam victim, chances are your personal and contact information have been leaked and are in the wrong hands. You should change your passwords and update your information immediately. In some cases, you may need to refresh or delete your account entirely, and contacting the financial institution or company it is associated with is helpful.

Furthermore, some accounts have an option in settings to “log out of all devices,” which is useful when resetting all your information and clearing out any unwanted intruders. Even after you change all your information and re-secure all your accounts, there is still the lingering worry of whether your name, email, phone number, address, and other information that is not as easily changeable is still collectively in unknown hands.

Thankfully, there are resources available to reveal whether your information exists in dangerous places on the web. For example, the cybersecurity company Achilleion offers a free dark web scan on its website, where you can enter multiple email addresses and learn of any compromises involving those accounts.

Finally, if you have been a phishing victim, it’s even more likely that you are now also more susceptible to other scams and security breaches. Taking your security into your own hands is the primary way to deal with cyber attacks like this and prevent them in the future.

How to Prevent Phishing Scams
While we can learn not to be tricked by phishing scams, preventing them from reaching your inbox altogether is a different challenge entirely. Antivirus cannot protect against phishing scams, and as the scams continue to advance, they increasingly slip past email filtering. There is, however, a way to protect against phishing, using network layer security, which is just one of the ways Achilleion protects you online, reflecting its belief that security is a process and not a product.
