Netflix is home to more than 100 million users from around the world and since it is a paid service the chances of online threats against the service are higher than usual. Recently, HackRead detected a phishing scam that targets personal and financial data of Netflix users in the name of updating their payment method.
Although there is nothing new about Netflix scams, when a phishing email comes right in your inbox rather than ending up in the junk folder, it does pose a threat to unsuspecting users. Same happened in this scam when scammers sent an email pretending to represent Netflix and urging users to update their payment method as they are having “trouble authorizing credit card” of the user.
The email asks users to click on a link (netflix.com/YourAccountPayment) that seems authentic but in reality, it is a spoofed link and behind this link hides the phishing link developed to steal your Netflix login credentials and credit card data.
At first look, the email looks authentic, but after going through its content, it becomes evident that sender needs some grammar classes while the Outlook based email address used in the scam is enough to detect it as a fake Netflix email.
But if you are unaware of phishing scams and somehow fall for this scam and click on the spoofed link, it will take you to a fake Netflix login page with Marvel’s Daredevil TV series on the background. The sign in form is designed not only to steal Netflix data, but it also allows users to log in with their Facebook credentials. In this way, scammers can take Netflix and Facebook email and password as a jackpot.
Once a user signs in, they are taken to another page claiming to deal with payment validation and asks them to enter their credit card details including cardholder name, card number, expiry date, security code and postal address.
After clicking on “Update Payment Method,” user is redirected to the official Netflix help page to trick users into believing that whole process was authentic.
Good news is that HackRead.com reported the scam to the hosting firm where the scam was hosted who has removed the phishing domain. However, if you have an account with Netflix you might be the next user to be targeted with a similar scam, therefore, be vigilant and in case you receive a suspicious email, contact Netflix through their website chat service.