Email users should be aware of a spate of convincing phishing scams that appear to come from popular online on-demand service Netflix.
Emails like the one below are being sent to millions of recipients with the aim of tricking them into clicking a link that leads to a spoof webpage that looks like the real Netflix login page.
Depending on the variant you encounter, the email may claim that your payment information could not be validated and invite you to click a link to update your account.
However, the email is not from Netflix, and the link certainly doesn’t lead to their webpage. Instead, the email has been sent by phishing scammers, and the link will lead to a spoof webpage that has been disguised to look like the Netflix login page. (See below.)
When visitors enter their login information into the spoof webpage, that information is sent straight to the crook, who can then potentially access that account.
These emails are generally sent to millions of email recipients using massive lists of email addresses, regardless of whether those recipients are Netflix members. The crooks know that the odds are that their email trap will inevitably end up in the inboxes of a number of Netflix members. Such emails can appear incredibly convincing, replicating genuine emails sent from Netflix in their layout.
However, there are always tell-tale signs that allow a recipient to differentiate between legitimate and phishing emails…
Grammar – the email above has better grammar than most phishing emails, but there are still mistakes. For example, Netflix is not capitalised in the email.
No customer name – Non-targeted phishing scams are sent out en masse to thousands or millions of users. As such, the customer name does not appear at the top. Legitimate emails from Netflix will always begin with the customer’s name.
Spoof webpage – If you do click the link in the email you will be able to tell it does not belong to the Netflix website by looking at the web address (URL). Any web address that doesn’t begin with Netflix.com does not belong to Netflix.
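The web address check above can be done on the parsed hostname rather than on how the link text starts, as in this added example (not part of the original article). It assumes that only netflix.com and its subdomains count as genuine, and the sample links are constructed, using reserved example domains.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only genuine domain is netflix.com
# (plus its subdomains), since that is the only one the article names.
TRUSTED_DOMAIN = "netflix.com"


def link_host(url: str) -> str:
    """Return the lower-cased hostname a browser would connect to, or ''."""
    try:
        parts = urlsplit(url.strip())
        # .hostname drops any "user:password@" prefix and the port
        host = parts.hostname or ""
    except ValueError:
        return ""
    if parts.scheme not in ("http", "https"):
        return ""
    return host.lower().rstrip(".")  # tolerate a trailing root dot


def belongs_to_netflix(url: str) -> bool:
    """True only if the host is netflix.com or ends with '.netflix.com'."""
    host = link_host(url)
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


# Constructed sample links (not taken from any real email).
SAMPLE_LINKS = [
    "https://www.netflix.com/YourAccount",               # genuine subdomain
    "https://NETFLIX.com./login",                        # case and trailing dot
    "https://netflix.com.account-update.example/login",  # name used as a prefix
    "https://netflix.com@login.example.net/",            # name in the userinfo part
    "http://example.org/netflix.com/login",              # name in the path only
    "https://notnetflix.com/",                           # longer name, same ending
    "https://netflix.com-billing.example/",              # hyphenated lookalike
]


def check_links(links):
    """Return (link, verdict) pairs for a list of links."""
    return [(link, belongs_to_netflix(link)) for link in links]


if __name__ == "__main__":
    for link, ok in check_links(SAMPLE_LINKS):
        print(("netflix.com   " if ok else "NOT netflix   ") + link)
```
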
It is also worth remembering that phishing scammers often use the same social engineering tricks to lure users into clicking links. This includes the claims that there are issues with either the payment or security of an account.
And if you’re ever unsure, don’t click the links. Go to the website (e.g. Netflix) directly through your Internet browser without clicking any links in the email.