Akankasha Dewan 27 November 2019 13:57:09 AEDT 5 MIN READ

Multi-staged phishing scam tells Netflix users to ‘update’ accounts or risk losing subscriptions

Netflix users, don’t panic if you receive an email claiming your Netflix subscription has been put on hold. The popular video streaming platform has once again been spoofed by cybercriminals in a phishing email scam.

MailGuard first detected these malicious emails infiltrating inboxes on the 26th of November.

The emails use a display name of ‘Netflix’ or ‘Support’ and are titled ‘Update required – Netflix account on hold’. The body of the email informs you that your ‘last plan payment’ wasn’t completed and to ensure that your subscription isn’t ‘canceled,’ you should update your membership details. You may have noted the misspelling of ‘cancelled’ by the cybercriminals – an early warning sign of a fake.

Here is a screenshot of the email:

Netflix 27_11 edited

Unsuspecting recipients who click on the link to ‘update now’ are led to a fake Netflix-branded sign-in page that asks for their username and password.

Netflix -2711

Once users have entered their login details and have clicked ‘sign in’, they’re taken to a page asking them to insert their credit card details, as per the below:

Netflix updated 2711

They’re then led to a verification page which is titled ‘3-D Security Verification’. It asks for multiple details such as your mother’s maiden name and social security number.

Here is a screenshot of the verification page: 

Netflix 2 2711

Having inserted those details and after clicking the ‘confirm’ button, users are taken to a page titled ‘Confirm your identity’. It asks users to upload an identity document (such as a passport or driver’s ID), along with a ‘selfie photo’ holding your ID/passport.

Netflix 3 - 2711

After providing those images and clicking on ‘next’, you’re led to a page that asks you to ‘confirm’ your credit/debit card details. This page asks for a photo of your credit card, including copies of its front and back sides.

Netflix 4 - 2711

The final page is ‘Identity confirmed’ and it informs you that Netflix takes the security of its account ‘as seriously as you do’ and that ‘these ongoing checks contribute to the company’s ‘high level of security.’

Netflix final 2711

Once you click on the button titled 'My Account', you're led to the actual Netflix login page.

This is a phishing scam designed to harvest confidential payment data from users. MailGuard urges all recipients of this email to delete it immediately without clicking on any links.

As you can see from the fake log-in screens above, cybercriminals have gone to great efforts to incorporate the exact colour scheme, logo, fonts and popular imagery commonly found on Netflix pages in a bid to convince users that the email is authentic, and that it actually originates from the entertainment company. The confirmation message on the last page that ‘Netflix takes its security very seriously’ is also an attempt to boost the email’s legitimacy.

By including the threat in the email that recipients won’t be able to use their Netflix services if they don’t update their payment information is a trick designed to spark panic and urgency, further motivating quick action.

However, while the email incorporates the branding and logo of the company, it contains several red flags for anyone who is vigilant enough to spot fake email scams.

Firstly, there are several grammatical and spelling errors within the body, such as ‘all you have to do is updating your subscription’. Spacing errors are also present throughout the email, a trait that is not expected if the email was, in fact, being sent from a credible organisation such as Netflix.

This is not the first Netflix based scam MailGuard has seen. Netflix is a popular and well trusted company with an immensely large customer database, so their branding makes a good lure for cybercriminals looking to deceive people. 

If you see an email from Netflix, please exercise caution and make sure it is legitimate before you open it. Please share this alert with your social network to help make people aware of the threat.

What to do if you receive such emails

As a precaution, avoid clicking links in emails that:

  • Are not addressed to you by name, have poor English or omit personal details that a legitimate sender would include
  • Are from businesses you’re not expecting to hear from, and/or
  • That ask you to download any files or take you to a landing page or website that does not have the legitimate URL of the company the email is purporting to be sent from. 

MailGuard urges email users to remember that cybercriminals prey on the brands that they trust and love, like Netflix. It's wise to always be sceptical of messages from unfamiliar senders asking you to log into your accounts.

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

It's time to get the protection your business needs.

MailGuard protects businesses around the world against advanced email threats like ransomware, phishing and BEC (CEO fraud).

Speak to the MailGuard team today to learn more how MailGuard's predictive and advanced email security can help protect your business for a few dollars per staff member per month. 

Talk to a solution consultant at MailGuard today about securing your company's network. 

Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.

Keep Informed with Weekly Updates