Netflix customers are being warned to watch out for increasingly convincing-looking phishing scam emails, purporting to be from Netflix. Recipients who fall victim to these emails and click through, supposedly to update their Netflix account information, risk huge data and financial loss.
With so many of us isolating at home during the Covid-19 lockdown, the thought of losing Netflix access is almost as alarming as getting your home’s water supply cut off. So, a Netflix-branded email claiming your payment details have failed could easily grab your attention and prompt dangerously hasty action.
We explain how the Netflix trap works and how to make sure you’re dealing with genuine emails, not imitations.
Netflix Email Scam – How it Works and How to Spot It
The scam email looks pretty convincing from the off. It’s headed up with the Netflix logo, and the intro line of “Something went wrong” will feel familiar to any of us whose streaming has cut out, usually at the most important moment in a show.
But, looking closer, there are tell-tale signs that this email has nothing to do with Netflix itself.
How to spot that it’s a scam email:
- Although the email looks at first glance to come from Netflix, the true email address (shown at the top) has a different domain
- There’s no attempt to address the recipient by name, a sure sign that this email has been sent en masse to thousands of accounts
- The sign-off, “Your friend at netflix” is also particularly strange language, unlikely to be used by genuine customer service teams
The email makes a decent effort to imitate genuine Netflix communications. There’s even a reasonable attempt at rounding off the bottom of the email with a customer service and contact box.
But, as with most scam emails, there’s a missing detail or two which shows things aren’t legitimate. Another standout clue here is the fact that the text simply trails off into nowhere after saying “If you need help or would like to contact us…”
How the scam works
There are a couple of red flags here that suggest how the scam will trap victims:
- There’s a .txt file attached to the email. Opening or downloading such a file can install malware onto your machine. This can potentially include ransomware, which can lock your account if payment isn’t made
- Victims are encouraged to click on the Update Payment link. This does not take you to the genuine Netflix site – if you’re ever in doubt, hover over the link (without clicking) to reveal the true destination URL
- The email contains language designed to panic users into acting quickly, with the threat of losing your Netflix access if you don’t update your payment details
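The red flags listed above can also be checked mechanically against a raw message. The following is an added example, not part of the original article: the sample email, its addresses and its URLs are constructed, and treating netflix.com as the only genuine domain is an assumption.

```python
import email
import re
from email import policy
from urllib.parse import urlsplit

LEGIT = "netflix.com"  # assumption: the only domain treated as genuine here

# Constructed sample message: every address and URL below is made up.
SAMPLE = """\
From: Netflix <billing@account-update.example>
Subject: Something went wrong
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Hi,</p><p>Update your payment details or lose access.</p>
<a href="http://netflix.com.login.example/update">Update Payment</a>
<p>Your friend at netflix</p>
--b1
Content-Type: text/plain
Content-Disposition: attachment; filename="details.txt"

(constructed attachment body)
--b1--
"""

def on_domain(host, domain=LEGIT):
    """True only for the domain itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def red_flags(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    sender = msg["From"].addresses[0]  # real address, not the display name
    part = msg.get_body(preferencelist=("html",))
    html = part.get_content() if part else ""
    # The href is what hovering over a link reveals, whatever the link text says.
    hrefs = re.findall(r'href\s*=\s*["\']([^"\']+)', html, flags=re.I)
    checks = {
        "sender-domain-mismatch": not on_domain(sender.domain),
        "link-off-domain": any(not on_domain(urlsplit(h).hostname) for h in hrefs),
        # Crude heuristic: no "Hi <Name>" style greeting anywhere in the body.
        "generic-greeting": not re.search(r"\b(?i:hi|hello|dear)\s+[A-Z][a-z]+", html),
        "has-attachment": any(True for _ in msg.iter_attachments()),
    }
    return [name for name, hit in checks.items() if hit]
```

Note that the link host in the sample starts with "netflix.com" yet is not on that domain, which is why the check compares the end of the hostname rather than searching for the brand name.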
What Happens if You Click on the Netflix Scam?
First of all – don’t try this one at home, and especially not if you’re currently using a work computer that accesses your company’s network and data. Easily avoidable security mistakes are costing companies big time during this remote working lockdown period, after all.
Under controlled conditions, we clicked, so you don’t have to. The link from the Netflix scam email takes you to a landing page that looks very similar to the real thing. It asks you to log in with your email address and password.
If you were to type in your genuine credentials, a scammer would have all they need to lift your account details and take advantage of your personal information. For Netflix, that may not seem to matter much. But, given how many of us are guilty of re-using the same old passwords again and again (please, use a password manager instead), it wouldn’t take much to use these details to attempt to log into more sensitive accounts.
If you’re ever in doubt about whether you’ve landed on a scam phishing page, a simple trick is to enter a completely made up email and password, as we did, below. If you can still proceed, it’s a scam for sure.
After we entered our phoney login details, we were encouraged to update our billing details. This would be handing the most sensitive data possible over to a scammer. All the links on the landing page – including ones which appear to be for adjusting your Netflix profile settings – circle you back to the same form to enter your details.
What should you do if you receive scam emails?
Scam emails are part and parcel of online life, and while email filtering continues to improve, it’s tricky for Gmail, Outlook and others to stay ahead of every threat. A few simple approaches can keep you safe from Geek Squad Scams, Netflix email scams and other online threats.
Delete or report
It doesn’t get much simpler than deleting obvious scam emails. If you’re feeling like a good digital citizen, you can report them first. You can usually do this using the exclamation mark icon, or similar, for flagging spam emails. Or, you can forward the emails to the appropriate accounts for the genuine services being impersonated (for example, phishing@netflix.com). If you’re encountering scam emails on a work email account, inform your IT administrator promptly.
Don’t click
To avoid risk, don’t click on any of the links in a potential scam email. If you aren’t sure whether you’re dealing with a genuine message or not, hover over the links to reveal the true destination address. If you want to check your account information, open a new window or tab and navigate to the real website independently of the links in the email.
Avoid attachments
Attachments are a crafty way of disguising malware and spreading threats. If you see an unusual attachment in an email you’re not expecting, never click to open it.
Don’t update billing information
Above all, never update your financial details or billing information after being prompted to do so by an unsolicited email. Most companies warn you against doing so. For instance, Netflix itself says:
“We will never ask for your personal information by texts or email. This includes: Credit or debit card numbers; Bank account details; Netflix passwords” – Netflix scam guidance
Don’t re-use the same passwords
We can’t emphasize this enough. If you’re using the same password to log into multiple accounts, then it only takes one account to be compromised and they’re all at risk. Password managers are a simple, low-cost and secure way to manage multiple logins. The best one we’ve tested is 1Password, which offers a free trial period. See all our password manager recommendations to learn more.