FTC Issues Warning About New Netflix Phishing Scam

Jan 3, 2019


The U.S. Federal Trade Commission has issued a warning about a new global Netflix phishing scam that tries to fool Netflix subscribers into revealing their account credentials and payment information. The scam uses a well-tried method to get that information: the threat of account closure because payment information is outdated.

Users are sent a message asking them to update their payment details because Netflix has experienced problems collecting the monthly subscription payment. The user is presented with an “Update Account Now” button, which they can click to enter their real banking/card information. However, clicking the link does not direct the user to the official Netflix site; instead, they are taken to a web page on a site controlled by the scammer. On that site, Netflix login credentials are harvested together with the banking information entered by subscribers.

The latest campaign was identified by the Ohio Police Department, which shared a copy of the phishing email on Twitter. The FTC also issued an alert about the new Netflix phishing scam in a recent blog post.

Image Source: Ohio Police via FTC


As you can see from the image, the message looks official, as it has the Netflix logo and color scheme. The message also closely resembles official emails often sent by Netflix. However, there are telltale signs that the email is not what it appears to be. Netflix naturally knows who its subscribers are and addresses emails to users by their first name. In this email, the message begins with “Hi Dear.”

Less visible is the hyperlink; however, it is pretty easy to check by hovering the mouse pointer over the button. That will display the true URL, which is not the official Netflix website. One more indication is that the phone number in the email is a U.S. number, which for anyone based in another country would be highly suspicious.

If the link is clicked, the page the user is directed to looks official and is practically indistinguishable from the actual site, although checking the URL will confirm that the user is not on the actual Netflix site for their country.

All of these warning signs should be spotted by users, but a lot of people fail to carefully check messages before clicking. To avoid phishing scams such as this, make certain you carefully check all email messages before replying, and if you ever receive an email containing any threat, visit the firm's official site by typing the address directly into the browser instead of clicking a link in the email.
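
The two indicators described above (the generic greeting and the button's real destination) can also be checked automatically, for example in a mail filter. The following Python code is an added example, not part of the FTC alert or the original article; the official-domain list, the greeting pattern and the sample message with its placeholder host are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

OFFICIAL_DOMAINS = ("netflix.com",)  # assumptions: official-domain list and greeting heuristic
GENERIC_GREETING = re.compile(r"\b(?:hi|hello|dear)\s+(?:dear|customer|user|member)\b", re.I)

class LinkCollector(HTMLParser):
    """Collects (visible label, href) for every <a> plus the message text."""
    def __init__(self):
        super().__init__()
        self.links, self.text, self._href, self._label = [], [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._label = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._label.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._label).strip(), self._href))
            self._href = None

def is_official(url, domains=OFFICIAL_DOMAINS):
    """True only for https URLs whose host is, or is a dot-separated subdomain of, an official domain."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    return parts.scheme == "https" and any(
        host == d or host.endswith("." + d) for d in domains)

def review_email(html):
    """Returns warning strings for the indicators the article names."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    if GENERIC_GREETING.search(" ".join(parser.text)):
        findings.append("generic greeting instead of the subscriber's first name")
    for label, href in parser.links:
        if not is_official(href):
            host = urlsplit(href).hostname or href
            findings.append(f"'{label}' does not lead to an official https host: {host}")
    return findings

# Constructed sample modelled on the message described above; the host is a placeholder.
SAMPLE = ('<p>Hi Dear,</p><p>We had a problem collecting your monthly payment.</p>'
          '<a href="https://netflix.com.account-update.example/login">Update Account Now</a>'
          '<p><a href="https://www.netflix.com/help">Help Center</a></p>')
```

Calling `review_email(SAMPLE)` flags the greeting and the button, whose host merely begins with the official name, while the genuine help link passes.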