The message starts off with the kind of information that is apt to send shivers down the spines of many binge-watchers
The United States’ Federal Trade Commission (FTC) issued a warning late last year about an email-borne scam campaign in which fraudsters impersonate the streaming giant Netflix and phish for people’s personal information.
This variation of a Netflix-themed scam deploys a tried-and-tested stratagem, starting off with a duplicitous note that your account has been put on hold due to something being wrong with your payment details. Indeed, this is one of the most common ways in which various phishing scams intend to prompt message recipients into taking action.
Also common in catch-all scam campaigns is a generic salutation, rather than a personalized one – in this case “Hi Dear”. This alone is a telltale sign that the message is very, very unlikely to have been sent by a legitimate organization.
At any rate, the email – a screenshot of which was shared by police in Ohio earlier in December – is quick to proffer a fix for the purported “trouble with your current billing information”: Update your payment information, using an embedded link. Clicking such a fraudulent link takes you to a fake login page that will ask for, and then steal, your login details.
The usual piece of advice vis-à-vis phishing scams applies equally in this case: It’s best not to click anything in messages that arrive out of the blue. Double-check that the message and its sender are legitimate, for example by contacting the service provider – but disregard the contact details provided in the bogus offer for help.
ESET researchers, too, have previously issued a warning about a Netflix-themed scam – one that spread via WhatsApp and promised free access to the streaming platform for a whole one year. As another example, another phishing campaign that impersonated Netflix made the rounds later in 2017, attempting to reel in millions of the service’s subscribers.