Netflix Phishing Scams – How to Recognize and Counter Them

Companies such as Netflix, PayPal, DHL, and Amazon are often leveraged in various phishing scams, where cyber crooks exploit their popularity to trick users into sharing personal and financial information.

There is barely a user who hasn’t received a crafty spam email. And in many cases, the user even opens the email despite knowing the risks of interacting with suspicious content (links within the text body, attached documents).

In April 2020 a new iteration of the Netflix email phishing scam has been detected in an ongoing attack campaign. It is being sent by a criminal group en-masse against end users using the common approach of blackmailing the recipients into believing that they need to renew a subscription. This time the notification which are shown indicate that the setup automatic payment to Netflix has not gone through. An URL is provided in order to renew the payment. Most of the messages which are sent use the following title RE:[Billing Suspend] Account modification Can be returned for subscription payment Service.

In February 2019 a new type of Netflix phishing scams has been reported — this time taking the form of a password reset e-mail notification. The recipients will receive email messages that copy the body design and text style of the authentic Netflix messages. There are two cases which are commonly used:

• Requested Password — If the users request a password reset from Netflix and the fake message arrives before the legitimate one the victims will probably interact with it. This is a very difficult scheme to execute as the senders will need to know the exact time at which the reset is requested. This is commonly done by installing a Trojan on the computer beforehand which will automatically trigger the phishing.
• Bulk Sending — The criminals can send out the images with the intent that the targets will interact with the messages directly without thinking that a password reset has not been requested by them.

A formal warning concerning a new wave of Netflix phishing scams was issued by the FTC. The way its distributed is mainly via email messages that allegedly mask as legitimate messages that originate from the service. In fact they are produced by criminals with the intention of coercing them into opening up links leading to malware sites. The scams feature text design layout and design elements that are very much like the real notifications. In the body contents a link will be placed to “update” the victim’s account details. If it is clicked the users will be redirected to a landing page that will request the account their data.

We have received reports of a new attack campaign carrying Netflix phishing scam messages. The captured strains are being spread globally and different variants may be developed in time. The displayed email message reads that the victim’s account has been suspended. The typical design elements of Netflix are also included in order to coerce the users into interacting with the dangerous elements. In this case it is a phishing link that will lead to a fake login page.

The shown landing page will request the Netflix login details, if entered they will automatically be transferred to the hacker operators.

Luckily, there are ways to recognize phishing emails, and in this article we are going to present to you the latest variants of Netflix-themed phishing scams. And respectively, how to protect yourself from them.

Netflix Phishing Scams – Description

Phishing attempts are constantly being improved and made more sophisticated and personalized.
Carefully crafted spear Netflix-themed spam emails have been spreading attempting to trick Netflix users into revealing their credit card information. These emails are typically designed to make the subscriber believe that his or her membership is about to be discontinued unless immediate action is taken. This is the very first red flag that should alarm you of malicious intentions.

Netflix Phishing – Membership Suspended FauxEmail

Phishing emails are usually written with the idea of creating a sense of urgency, and often try to intimidate the user by claiming their membership is about to be suspended. This is clearly a threat that no legitimate company will actually induce, be it Netflix or some other subscription-based popular service.

An example of such email:

We were unable to validate your billing information for the next billing cycle of your subscription. We’ll suspend your membership if we do not receive a response from you within 48hours.

Keep in mind that an email presenting claims such as the above example do not belong to Netflix or any other legitimate company. If you are tricked into giving away your personal or credit card information, your Netflix accounts may be compromised, and your identity may be misused. In case you encounter such an email, don’t open it, or if you do open it – don’t interact with any of the links or attachments. In addition to being robbed, your system may be flooded with malware.

Netflix Phishing – Payment Declined Faux Email

Another version of Netflix-themed phishing emails concerns declined payments, and it was detected a while back by MailGuard security researchers. In this case, the user will be asked to re-enter details about his credit card because it wasn’t recognized, or something of the sort.

Here is an example of such email:

We attempted to authorize the Amex card you have on file but were unable to do so. We will automatically attempt to charge your card again within 24-48 hours.
Update the expiry date and CVV (card verification value) for your Amex card as soon as possible so you can continue using it with your account.

As you can see, the phishing email is carefully crafted – it has the company logo, a call-to-action button and once again a sense of urgency is created. If this button is clicked the potential victim will be taken to a page where the demanded payment details should be provided. Needless to say, doing so will harm your credit card details and your finances.

Netflix Phishing – Malware Infections

Credit card details harvesting may not be the only thing cyber crooks are after. There have been several Netflix-themed malicious campaigns where malware has been dropped onto victims’ systems.

One such case was registered in February a couple of years ago. That malware campaign was representing itself as a cheaper mean to access and watch movies on Netflix.

One distribution method employed by attackers involved malicious files masqueraded as Netflix software. The malicious files were downloaders that, upon execution, opened a Netflix-themed home page while silently downloading Infostealer.Banload.

Infostealer.Banload is classified as a Trojan horse. Once installed on a victim’s system, it opens a backdoor and harvests various types of sensitive information. In addition, the Trojan may also download other malicious files, and may lead to further infections.

Netflix Phishing – Scam Login Page

Another variant of the Netflix scams is the creation of fake login pages. The versions in particular which are proven to be dangerous present a simple sign-in dialog with a background image taken from their production. Other elements that can manipulate the users into thinking that they have accessed a legitimate page belonging to Netflix includes the following:

• Facebook Login — The pages also contain a Facebook login option. If clicked the hackers will be able to obtain the authentication token and thus gain information about the users social network data.
• Language Options — Several multi-language versions of the landing page can be accessed. This is viewed as a characteristic of the legitimate Netflix login page.
• Similar Domains — The Netflix phishing scam landing pages of this type can use similar sounding domin names. This means that if the actual website is mistyped the users may land on a fake domain without noticing.
• Security Certificates — Self-signed or stolen certificates can be installed which can institute a false sense of security.

How to Stay Protected Against Netflix Phishing Scams

Fortunately, there are ways that could help to secure your Netflix account. The company itself has provided some “top recommendations” for keeping your account and personal information safe:

• Use a password unique to Netflix and change it periodically;
• Be aware of possible phishing attempts;
• Keep your computer safe;
• Report fraudulent or suspicious activity;
• Sign out of unused devices;
• Report security flaws to Netflix.

In addition to these general security tips regarding your Netflix account, make sure to follow these tips regarding your email account and personal computer:

• Do not provide any details about you, your addresses or similar information via email or on unverified websites;
• Do not open email attachments, as it is highly unlikely for Netflix to do so;
• Always use Netflix’s official website to refer to pages in connection with the service;
• Don’t interact with messages with grammatical or typographical errors;
• Don’t interact with emails that are not addressed to you by name;
• Avoid messages sent by a service you don’t expect to hear from;
• Don’t trust messages that do not include a tracking number or specific details about your order or address;
• Avoid clicking on links to provide your email address or other personal details for verification;
• Avoid payments to someone whose identity you can’t confirm.

Netflix VPN Protection: Why to Use Such a Service

The use of an advanced and capable VPN solution guarantees that Netflix subscribers will be able to access the content if it is being blocked or limited due to ISP reasons. This is especially useful in countries where the catalogue is limited, not available or throttled to a degree which makes streaming movies and rich content unpleasant.

Netflix as one of the most popular Internet services is constantly being throttled and limited by Internet Service providers, some of them even include specific terms when it comes to streaming movies. A VPN service allows the users to set up a private and encrypted connection via special Netflix-optimized servers allowing them to continue enjoying the on-demand movies and content. Additional effects that come from using VPN service include the following:

• Bypassing censorship and regional blocks instituted on Netflix by ISPs, corporate firewalls or other measures
• Removing some popular types of advertising and tracking cookies
• Ensuring that a secure connection is always being used
• Optional compression done on data like images and multimedia to ensure that they load faster

One of the most important factors for choosing VPN services, and in the case of Netflix as well, is to always ensure that a stable and fast connection is made. Offerings should have a Netflix-optimized server which delivers excellent playback and performance.

Security-wise, there are important factors that should be considered every time sites are visited: DNS leakage protection, SSL certificates enforcement and any additional privacy guard options. Nowadays VPN services are recommended for users across all types, even those that live in “ordinary” countries due to the fact that most of the Internet sites and services load intrusive tracking ads, scripts and other payloads. A large part of them depend strictly on the Internet traces left by the users. When a VPN service is used to a large extent, this will block their normal functioning.

How to Remove Netflix Phishing Scams

All that is required to remove some Netflix scams is to ignore the message, never respond to it and delete it. Other scams require a bit of action, such as thoroughly scanning your computer with security software to determine whether you have some malware component that is pushing Netflix spoofed messages to your computer, browser or email address.

In case you believe your computer is endangered because you have interacted with a Netflix phishing email, it’s strongly recommended to scan it with security software.

SpyHunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter