A new scam is circulating online, targeting Netflix subscribers in an attempt to steal their payment information. According to a report by Cord Cutters News, the scam typically arrives by email and encourages you to click a link to an outside website. Once there, it asks you to enter your payment information and then captures your credit card number.
This new email scam does everything it can to look legitimate — dressing up its format so that, at first glance, it appears to be an official communication from Netflix. It tells customers that there has been an error with their payment information and that they need to re-enter their card number on this new website. If you do, the card number will only be used for identity fraud, and entering it will not impact your Netflix subscription in any way.
This scam is reportedly having far more success than many others of its kind, mostly because it looks more legitimate than the others did. In fact, it even redirects customers back to the main Netflix website after taking their information, so they may not even know their identity has been stolen until it's too late.
Netflix is asking customers who receive this kind of scam email to forward it to the company. It has a special account set up for this purpose: firstname.lastname@example.org. The streaming service also notes that any official communication from it will come from a Netflix.com email address, and will most likely only link to a Netflix website.
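The two checks Netflix describes (sender address and link destinations) can be automated for triage. The following is an added example, not code from Netflix or the article; the sample message and its hostnames are constructed. Because a From header can be forged, a passing sender check is not proof of legitimacy, while a failing one is a strong signal.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "netflix.com"  # per the article: official mail comes from Netflix.com

# Constructed sample message; sender and link hosts are invented for illustration.
SAMPLE_EMAIL = """\
From: Netflix Billing <billing@netflix.com.account-check.example>
To: subscriber@example.net
Subject: Problem with your payment information
Content-Type: text/html

<p>We could not process your payment.</p>
<a href="https://netflix.com.account-check.example/captcha">Update card</a>
<a href="https://www.netflix.com/help">Help Center</a>
"""

HREF_RE = re.compile(r"""href\s*=\s*["']([^"']+)["']""", re.IGNORECASE)

def is_official(host):
    """True only for netflix.com itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)

def check_email(raw):
    """Return (sender_ok, off_domain_hosts) for a raw RFC 5322 message."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    sender_ok = is_official(addr.rpartition("@")[2])
    off_domain = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for url in HREF_RE.findall(body):
            parts = urlsplit(url)
            # .hostname drops userinfo and port, so "netflix.com@host" cannot fool it
            if parts.scheme in ("http", "https") and not is_official(parts.hostname):
                off_domain.append(parts.hostname)
    return sender_ok, off_domain

if __name__ == "__main__":
    ok, bad_hosts = check_email(SAMPLE_EMAIL)
    print("sender is netflix.com:", ok)
    print("links leaving netflix.com:", bad_hosts)
```

The suffix comparison includes the leading dot so that lookalikes such as a host merely starting or ending with the string "netflix.com" are rejected.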
Other scams of this nature have been common in the last few years, with some offering enticing free passes to the service in emails or social media messages. Oftentimes the scams are easy to see through, especially when they include spelling or grammatical errors, indicating that they may come from unofficial sources. However, cloud security service Armorblox issued a blog post this week, explaining how the new round of phishing emails is one of the most convincing yet.
"This email got past existing email security controls... because it didn't follow the tenets of more traditional phishing attacks," it explained. "Upon clicking the email link, targets are first led to a fully functioning CAPTCHA page with subtle Netflix branding (black background, red buttons). Upon entering the correct alphanumeric sequence, targets are led to the main phishing site. A functioning CAPTCHA page makes the entire communication seem more legitimate."