Remove “Netflix was unable to collect a payment″ Phishing Scam

Remove “Netflix was unable to collect a payment″ Phishing Scam

This article has been created to help you understand what is the “Netflix was unable to collect a payment” scam page and what is the “virus” app causing such pages to appear and how to remove it entirely.

“Netflix was unable to collect a payment” is a part of a Netflix phishing scam. Such malware threats often lead to hacker-controlled sites or cause other type of virus infections.

Threat Summary

NameNetflix was unable to collect a payment
TypeBrowser Hijacker/PUP/Email Scam
Short DescriptionAims to get you to type in and giveaway your financial or personal details in a fake Netflix phishing scam.
SymptomsThe intended targets will receive email messages that pose as being sent by the streaming company.
Distribution MethodBundled downloads. Web pages which may advertise it.
Detection Tool See If Your System Has Been Affected by Netflix was unable to collect a payment


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss Netflix was unable to collect a payment.

“Netflix was unable to collect a payment” – Distribution Methods

In March 2019 a new Netflix phishing campaign has been discovered by a security research team. They are distributed via different addresses to the target recipients that may appear as safe-sounding domains.

The emails can be collected via various methods — obtained through web forms, other phishing methods or logged via viruses.

An additional method used to retrieve victim email addresses is to use forms collection of payload carriers. The two most popular ones are the following:

  • Software Installers — Malicious application installers can include forms and prompts that request the email address and other contact details of the users.
  • Dangerous Documents — Hacker-made documents containing malicious scripts can trigger prompts and in-file redirects that contain email address prompts. If they are entered the victim’s addresses can be retrieved.

Another approach is to rely on browser hijackers — they are dangerous plugins which are made compatible with the most popular web browsers. They are usually spread on the relevant repositories and contain descriptions that promise the addition of new functionality or performance optimizations. During installation as part of a “registration” procedure the email messages can be gathered.

“Netflix was unable to collect a payment” – More Information

The Netflix phishing scam messages of this particular type hold the ‘Your account is on hold because of a problem with your last payment’. subject line. The messages contain a long text message that is non-personalized and does not start with the appropriate greeting. Instead of a logo image and certain components which are part of the legitimate Netflix outgoing messages the victims will be shown a wall of text that says that Netflix has been unable to collect a payment on their behalf.

This is a typical scare tactic employed to make the recipients believe that someone has accessed their accounts and attempted to purchase a subscription. The other possibility is that a payment has been unable to be processed.

A randomly-generated ID value will be shown to the victims, this is made in order to coerce them into thinking that this has been logged by the system. An attached .HTML file is presented to them which can contain malware of all popular variants:

  • Cryptocurrency Miners — Interactive scripts can load these dangerous miners into to the affected computers. It will download many tasks which take advantage of the available hardware resources: the CPU, GPU, memory and hard disk space. As soon as one of them is completed funds in the form of cryptocurrency will be rewarded to the digital wallets of the hackers.
  • Redirects — The document can redirect the victims to a Netflix fake login screen. They are usually hosted on similar sounding domain names to the service and may also include self-signed security certificates.
  • Trojans — They are among the most dangerous malware types as they establish a secure connection to a certain hacker-controlled server allowing the hackers to take over control of the victim machines. This can allow them to control the machines at any time, retrieve user data and also deploy other threats.
  • Ransomware Infections — Ransomware samples can encrypt user data with a strong cipher in order to blackmail the victims. Usually the chosen file type extensions are chosen by a preset list that is included in the virus itself.

The full text of the email reads the following:

Netflix was unable to collect a payment because of one of the following:

– The method of payment on file is no longer valid or has expired.
– The financial institution did not approve the monthly charge.

To resolve the issue, update your payment method.
Download form attached to this email and follow the instructions.

Once your payment information has been updated, you can continue enjoying Netflix.
If you’re having trouble updating your payment information, you may want to reach out to your card issuer to ensure the card information is up to date or try an alternate method of payment.

Netflix will also automatically retry the failed payment periodically over the course of your billing cycle to help you get the back to enjoying the service.

Read here about all other Netflix phishing email scams

Remove “Netflix was unable to collect a payment” Fully

If you want to remove the “Netflix was unable to collect a payment” redirect, you are welcome to follow the removal instructions down below. They are made to help you delete the files of this unwanted software either manually or automatically from your machine. If the first two removal steps do not seem to work and you keep seeing redirects to pages like “Netflix was unable to collect a payment”, then we would strongly suggest that you use a professional anti-malware software, since such program aims to scan for and delete all malicious files and redirect-causing objects from your machine and also ensure that your system remains protected against intrusive apps in the future as well.


Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

More Posts - Website

Follow Me:
TwitterGoogle Plus

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share