A hacker purporting to be Netflix is attempting to steal information from the subscription service’s more than 100 million customers via an email scam.
Netflix subscribers have reported receiving emails that claim their membership must be re-validated and sensitive information should be provided in order to do so.
According to USA Today, the email instructs subscribers to enter billing information, like credit card numbers, on the Netflix website via a link that supposedly takes them to their account page, but the link doesn’t actually go to a real Netflix web page. Instead, internet users are directed to a fraudulent site.
The email, which warns subscribers of potential account suspension in bold letters, reads: “We were unable to validate your billing information for the next billing cycle of your subscription therefore we’ll suspend your membership if we do not receive a response from you in 48 hours.”
According to Australian web and security company MailGuard:
This scam email is relatively well-designed. The scammers are using a template system to generate individualized messages with specific recipient data.
This works like a mail-merge; the body of the email is generic, but the sender field is designed to show the name of the intended victim, which personalizes the scam, making it more convincing.
New Email Scam Using Fake Netflix Website https://t.co/LRYSVWDPMk — MailGuard (@MailGuard) November 3, 2017
This isn’t the first time Netflix customers have been targeted by scammers.
“Unfortunately, these scams are common on the internet and target popular brands, such as Netflix and other companies, with large customer bases to lure users into giving out personal information,” a Netflix official said in a statement to WIRED.
Netflix’s website encourages customers to hover their computer cursors over a link to see the website’s URL. Oftentimes, a URL can reveal a webpage’s sponsor.
“If you’re unsure about a link in an email, you can always hover your cursor over the link to see where it directs in which you can see the real linked web address at the bottom of most browsers,” the Netflix website reads.
Netflix officials say the company does not ask for any personal information to be sent over email, including account passwords, Social Security numbers or credit/debit card information.
WIRED suggests taking these steps to find out more about a sender if you’re suspicious of an email:
To confirm who really sent an email, click on the downward arrow next to the sender's name in Gmail. It'll expand to show the full info. Hover over any links to confirm that they lead to the URLs they claim. Make account changes by navigating, on your own, to a site itself, and log in there instead of going through an email link. Don't reuse passwords.
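The hover check can also be run over an email's HTML body. This added example (not from WIRED, Netflix or MailGuard) lists the real host behind each link and flags hosts outside an assumed trusted list (`netflix.com`) as well as links whose visible text names a different domain; the sample body and its `example.test` / `example.invalid` hosts are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("netflix.com",)  # assumption: the only domain the reader expects

def host_trusted(host, trusted=TRUSTED):
    # Exact match or a true subdomain; "netflix.com.example.test" must not pass.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

class _Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html, trusted=TRUSTED):
    """Return one finding per <a>: where it really goes and why it is suspect."""
    parser = _Links()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        reasons = []
        if not host_trusted(host, trusted):
            reasons.append("untrusted-host")
        # Visible text that looks like a domain but names a different host.
        shown = re.search(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", text.lower())
        if shown and shown.group(1) != host:
            reasons.append("text-mismatch")
        findings.append({"text": text, "host": host, "reasons": reasons})
    return findings

# Constructed sample body; example.test / example.invalid are reserved names.
SAMPLE = """<p>We were unable to validate your billing information.</p>
<a href="http://netflix.com.example.test/login">www.netflix.com/YourAccount</a>
<a href="https://www.netflix.com/YourAccount">Your account</a>
<a href="http://billing.example.invalid/u">UPDATE PAYMENT</a>"""

print(*audit_links(SAMPLE), sep="\n")
```

A link with an empty `reasons` list only means its host is on the trusted list; navigating to the site on your own remains the safer way to make account changes.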
© 2017 Cox Media Group.