Netflix subscribers hit with e-mail scam
If you recently received an e-mail from Netflix asking you to update your subscription information, you’re not alone. In fact, you’re one of millions of Netflix members being targeted in a new e-mail scam.
On 3 November, Australian cybersecurity firm MailGuard detected a malicious scam in which Netflix subscribers were receiving e-mails threatening to suspend their accounts if they did not update billing information.
The worst part? According to MailGuard, the e-mails were well-designed and used a template system to generate individualised messages with specific recipient data. The result is a generic body that invites members to restart their account with a sender field that is designed to display the name of the intended victim.
In a few instances, however, the template was faulty and was unsuccessful in merging the recipient field. Instead of displaying the Netflix account holder’s name, the e-mail was incorrectly addressed to ‘#name#’.
This error doesn’t detract from the scam’s sophisticated design. The message sent from ‘Netflix’ (scammers) informs subscribers that their billing information has been invalidated and asks them to update account details. A link at the end of the message titled ‘Restart Membership’ will direct users to a fake website.
Subscribers will be asked to log in and then enter personalised information, such as an address, birth date and credit card number. Once the sensitive data has been collected, the fake website will display a reactivation screen, reassuring members that their memberships have been successfully updated.
MailGuard has revealed that the imitation Netflix website was constructed by hackers who broke into WordPress blogs by taking advantage of vulnerabilities such as those in blog plugins. Once inside, the scammers constructed a website that is strikingly similar to the Netflix login page.
Despite the similarity, Netflix confirmed in a statement that the e-mail is in fact a scam, stating that “unfortunately, scams are common on the internet and target popular brands such as Netflix and other companies with large customer bases to lure users into giving out personal information”.
According to its security page, Netflix will never ask for sensitive information to be sent over e-mail and advises its members to be aware of possible phishing attempts.
How to avoid becoming a victim of the Netflix scam
We’ve seen in this recent Netflix e-mail hack how far some phishers will go to deceive you into handing over sensitive information, which they in turn will use to commit theft or steal your identity. Fortunately, there are a number of ways to avoid phishing attempts, starting with how to identify them.
Firstly, always check that an e-mail comes from the actual sender by hovering your mouse over the sender’s name. Ignore the ‘sender’ name, and instead focus on the e-mail address that the sender is using. The e-mail address should include the domain that the e-mail content is pointing to. If it appears to be an unfamiliar domain, avoid it.
Another option is to log into your account and scan for any messages with similar requests to those you may have received in an e-mail. If your account looks as normal as ever, it may be the case that you have received an e-mail from a phisher. You can also contact the company in question to inquire about your account details.
Lastly, if you’re uncertain of your ability to discern suspicious e-mails, consider downloading or purchasing e-mail and Web filtering systems, such as SPAMfighter Pro, Mailwasher Pro or ChoiceMail One.
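The sender-address check described above, combined with a test for the unmerged ‘#name#’ placeholder seen in the faulty messages, can be written as a small mail-filter rule. This is an added example, not part of the original article; the sample message, the BRAND_DOMAINS table and the function names are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message; every address, domain and URL is made up.
SAMPLE = """\
From: Netflix <billing@blog-example.test>
To: subscriber@example.com
Subject: Your membership has been suspended
Content-Type: text/html

<p>Hi #name#,</p>
<p>Your billing information is no longer valid.</p>
<a href="http://blog-example.test/wp-content/login/">Restart Membership</a>
"""

# Assumption: brand name -> domains that brand legitimately sends from.
BRAND_DOMAINS = {"netflix": {"netflix.com"}}

def registered_under(host, domains):
    """True if host equals, or is a subdomain of, one of the allowed domains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def phishing_indicators(raw):
    """Return indicator names for a single-part message (hypothetical helper)."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    body = msg.get_payload()
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in display.lower():
            continue
        # Display name claims the brand but the address is on another domain.
        if not registered_under(sender_host, domains):
            findings.append("sender-domain-mismatch")
        # Links in a brand e-mail should stay on the brand's own domain.
        hosts = [urlparse(u).hostname for u in re.findall(r'href="([^"]+)"', body, re.I)]
        if any(h and not registered_under(h, domains) for h in hosts):
            findings.append("link-domain-mismatch")
    # Unmerged template token, like the '#name#' in the faulty e-mails.
    if re.search(r"#\w+#", body):
        findings.append("unmerged-placeholder")
    return findings

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
```

The suffix comparison in registered_under is what stops a lookalike host such as netflix.com.evil.test from passing as the real domain.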
IDG News Service