Akankasha Dewan 20 September 2019 16:53:59 AEST 3 MIN READ

Phishing email brandjacks Netflix; claims users’ subscriptions are ‘canceled’

Netflix users, don’t panic if you receive an email claiming your Netflix subscription has been cancelled. The popular entertainment company has once again been spoofed by cybercriminals in a phishing email scam.

MailGuard first detected these malicious emails infiltrating inboxes across Australia on Friday morning (AEST).

Sent via a compromised account, the emails use a display name of ‘Netflix’, with the name part of the address being ‘info.mailer.netflix.com’. The email actually comes from what appears to be a compromised domain.

The body of the email is titled ‘Your Netflix subscription has been canceled’. It advises the recipient that Netflix has been unable to pay their subscription and would be very happy to help them reactivate it. A link is provided to "Reactivate The Subscription"

Here is a screenshot of the email:

Netflix 20-09 3

Unsuspecting recipients who click on the link are taken to a Netflix branded phishing page, as per the below:

netflix crown

Once the user logs into their account, they are taken to what appears to be a Netflix account page, with a notification at the top stating their account has been suspended and payment information needs to be updated.

Here is a screenshot of their page:

netflix account 2

Clicking the link to ‘continue’ then leads the user to a form demanding their payment information, as per the below:

netflix billing

MailGuard urges all recipients of this email to delete it immediately without clicking on any links.

While this email incorporates the branding and logo of the company, it contains several red flags for anyone who is vigilant enough to spot fake email scams.

Firstly, there are several grammatical errors within the body, such as “we have never been able to solve the payment problem”. There is also a footer containing instructions in French at the end of the email. All these uncommon traits are expectedly not likely to be present if the email was, in fact, being sent from a well-established organisation such as Netflix.

This is not the first Netflix based scam MailGuard has seen recently. Netflix is a popular and well trusted company with an immensely large customer database, so their branding makes a good lure for cybercriminals looking to deceive people. 

If you see an email from Netflix, please exercise caution and make sure it is a legitimate communication before you open it. Please share this alert with your social media network to help us make the people aware of the threat.

What to do if you receive such emails

As a precaution, avoid clicking links in emails that:

  • Are not addressed to you by name, have poor English or omit personal details that a legitimate sender would include
  • Are from businesses you’re not expecting to hear from.
  • Ask you to download any files
  • Take you to a landing page or website that does not have the legitimate URL of the company the email is purporting to be sent from.

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

One email

Cybercriminals use email scams to infiltrate organisations with malware and attack them from the inside. All criminals need to break into your business is a cleverly-worded message. If they can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network. 


Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.

Keep Informed with Weekly Updates