Tips on the Netflix Email Phishing Scam Targeting 110 Million Users

Netflix subscribers, listen up. There’s an email phishing scam circulating that could put your identity at risk.

In this blog post, I will share details about this specific scam, phishing scams in general and tips to stay safe.

So first things first — the email. It arrives in your inbox, likely bypassing the spam filter, and tells you your Netflix account has been suspended because of a problem with your billing info. It includes a link that directs you to what looks to be a Netflix landing page. But looks are deceiving — it’s not a Netflix page but a phishing scam that steals your personal information, which can then be used to steal your identity.

After you type your username and password into the fake landing page, you are directed to a form that asks for your full name, date of birth, address, phone number and credit card information. Apparently, some versions of the scam even ask for your Social Security number.

“Scammers use your information to steal your money or your identity or both,” according to the Federal Trade Commission. They might also use those phishing scams to get access to your computer and then install ransomware or other types of malware.

If you’re thinking to yourself “my email spam filters will make sure these types of emails get filtered out,” think again.

“But as with all of the most pernicious phishes, the problem with the Netflix phish isn’t just its convincing look—it’s that whoever’s behind it has found new ways to bypass spam filters over and over again,” according to this Wired.com story.

This phishing scam has made headlines of late, but it isn’t new. It was discovered in January 2017.

So what can you do? We’re so glad you asked.

Tips to Stay Safe

Netflix’s Help Center page shares tips on how subscribers can avoid phishing attempts. They promise that “Netflix will never ask for any personal information to be sent to us over email.”

Beyond that, you need to take a really close look at the email to tell if it’s a real email or a phishing scam.

“To confirm who really sent an email, click on the downward arrow next to the sender’s name in Gmail. It’ll expand to show the full info. Hover over any links to confirm that they lead to the URLs they claim,” according to the Wired.com story. Also, look at the body of the email. Does the email use your real name or a generic opening? Are there any misspellings? Is there weird phrasing in the body of the email instead of the well-written and professional correspondence the company usually sends?

Also, you should know that the most commonly clicked phishing emails include urgent calls to action, using words like “expires,” “required,” “immediately,” “notification” and the like.
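The checks described above (who really sent the message, where its links actually lead, and urgent wording) can also be run automatically over a saved message. The Python below is an added example, not code from the original post or from Netflix; `check_email`, `host_matches`, the sample message and its `.example` hosts are constructed for illustration, and it assumes a single-part HTML email.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

URGENT = ("expires", "required", "immediately", "notification")  # words the post lists

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_matches(host, expected):
    host = (host or "").lower()
    # Exact domain or a true subdomain; "netflix.com.evil.example" does not match.
    return host == expected or host.endswith("." + expected)

def check_email(raw, expected_domain):
    """Return a list of warning strings for one single-part HTML message."""
    msg, findings = message_from_string(raw), []
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not host_matches(sender_host, expected_domain):
        findings.append(f"sender domain {sender_host} is not {expected_domain}")
    body, parser = msg.get_payload(), LinkCollector()
    parser.feed(body)
    for href, text in parser.links:
        host = urlparse(href).hostname  # the real destination, not the link text
        if not host_matches(host, expected_domain):
            findings.append(f"link '{text}' leads to {host}")
    words = (msg.get("Subject", "") + " " + re.sub(r"<[^>]+>", " ", body)).lower()
    hits = [w for w in URGENT if re.search(rf"\b{w}\b", words)]
    if hits:
        findings.append("urgent wording: " + ", ".join(hits))
    return findings

# Constructed sample message (not a real capture); the .example hosts are placeholders.
SAMPLE = ("From: Netflix <support@netflix-billing.example>\n"
          "Subject: Notification: action required\n\n"
          "<p>Update your billing info immediately or your membership expires.</p>"
          '<a href="http://account-update.example/login">netflix.com/account</a>')
```

Calling `check_email(SAMPLE, "netflix.com")` returns three warnings: the sender domain, the link whose visible text says `netflix.com/account` but points elsewhere, and the urgent wording.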

The standard advice regarding phishing scams holds true here:

  • You should never click on links in emails. Instead, type the site address into your browser yourself and log in there directly.
  • Don’t reuse your password across multiple sites. At the very least, don’t use the same password for your email that you use for entertainment sites. For tips on creating the strongest passwords possible, based on the latest recs, see our recent blog post.

And to read more about phishing scams and more tips on how to stay safe, visit our blog post.

If you’re concerned about the risk of identity theft, you’ve come to the right place. LibertyID provides expert, full service, fully managed identity theft restoration to individuals, couples, extended families* and businesses. LibertyID has a 100% success rate in resolving all forms of identity fraud on behalf of our subscribers.

*Extended families – primary individual, their spouse/partner, both sets of parents (including those that have been deceased for up to a year), and all children under the age of 25

Photo Credit: Here we go again, Jørn Eriksson, Creative Commons Attribution-ShareAlike 2.0
