The Federal Trade Commission (FTC) is warning of a new phishing scam reeling in Netflix customers and stealing their payment information.
According to a post published by the FTC, Wednesday, the spotted scam purports to be an email from Netflix. The email claims that the victim’s account was put on hold due to billing issues, and asks the victim to update their payment method.
“Police in Ohio shared a screenshot of a phishing email designed to steal personal information,” said Colleen Tressler, consumer education specialist with the FTC in a post. “The email claims the user’s account is on hold because Netflix is ‘having some trouble with your current billing information’ and invites the user to click on a link to update their payment method.”
In reality, the bad actors who sent the email are pocketing that payment information.
“We take the security of our members’ accounts seriously and Netflix employs numerous proactive measures to detect fraudulent activity to keep the Netflix service and our members’ accounts secure,” a spokesperson told Threatpost. “Unfortunately, scams are common on the internet and target popular brands such as Netflix and other companies with large customer bases to lure users into giving out personal information.”
In a post on its website, the company advised customers to “be aware of possible phishing attempts” including emails that imitate the company and ask for personal information.
Netflix will never ask for personal information to be sent via email, including payment information, social security number or account password, the company said.
“Netflix may email you to update this information with a link to our website, but be cautious of fake emails that may link to phishing websites,” said Netflix’s security page. “If you’re unsure about a link in an email, you can always hover your cursor over the link to see the linked URL at the bottom of most browsers.”
It’s not the first phishing scam involving Netflix by any means – earlier in June, researchers discovered a Netflix phishing scam that leads victims to sites with valid Transport Layer Security (TLS) certificates. Researchers said the bad actors behind those attacks will take advantage of unpatched installs or plugins, or weak passwords, to compromise usual-suspect CMS software, like WordPress or Drupal – and then create phishing sites that could be mistaken for real Netflix domains.
Tressler suggested that email users avoid these types of scams by looking closely for “clues” like bad grammar or spelling.
“Other clues: Your name is missing, or you don’t even have an account with the company,” she said. “In the Netflix example, the scammer used the British spelling of ‘Center’ (Centre) and used the greeting, ‘Hi Dear.’ Listing only an international phone number for a U.S.-based company is also suspicious.”