Akankasha Dewan 17 December 2019 13:09:46 AEDT 5 MIN READ

Phishing email spoofing Netflix asks users to ‘reset’ accounts within 72 hours

Netflix users, don’t panic if you receive an email claiming your account information needs to be ‘reset’. The popular entertainment company has once again been spoofed by cybercriminals in a phishing email scam.

MailGuard first detected these malicious emails infiltrating inboxes today morning (AEST). The email uses a display name of "Netflix Inc." and shows a sending address with the domain ‘@netflix.com’. The actual sending address appears to be a compromised email account.

The email body incorporates Netflix’s branding and colour schemes and impersonates a layout that’s similar to legitimate Netflix emails. It advises recipients that some information on their account “appears to be missing or incorrect”. Recipients are directed to update their account information so that they can continue to enjoy the benefits of their account. A link is included to “verify now”. It also includes a warning that users must update their information within 72 hours or their account will be limited.

Here is a screenshot of the email:

Netflix edited_1712

Unsuspecting recipients who click on the link to ‘verify now’ are taken to a Netflix-branded phishing page that includes branding & images commonly found on legitimate Netflix page. A Google reCaptcha is used, to add legitimacy to the phishing page:

Netflix 1_1712

Once users pass the reCaptcha, they’re presented with another fake Netflix-branded page that masquerages as a login form.

Netflix 2_1712

‘Logging in’ then takes users to two different forms that ask for their account & payment information, as per the below screenshots:

Netflix 1712_account



After inserting all required fields and clicking ‘agree & continue’, the user is finally redirected to the actual Netflix login page.

The sole purpose behind this elaborate scam is to steal Netflix users’ email addresses and passwords, along with their credit card details.

As you can see from the fake log-in page above, cybercriminals have taken great pains to incorporate the exact colour scheme, logo, fonts and popular images commonly found in Netflix pages in a bid to convince the user that the email is actually originating from the entertainment company. It is also interesting to note that the inclusion of the reCaptcha feature. This only adds on to the sense of legitimacy evoked by the email as such safety features expected of a well-established company like Netflix. All this serves to elicit a more confident response from recipients who think they are, in fact, verifying their accounts by clicking on the provided link and entering their confidential login details.    

Besides this, the inclusion of the threat to update accounts within ’72 hours’ and a subject line that begins with ‘[Action Required]’ also attempt to evoke a sense of urgency & panic among users. This motivates them to do the email’s bidding without taking more time to check its legitimacy.  

Despite these techniques, the email contains several red flags for anyone who is vigilant enough to spot fake email scams. These include the lack of a personalised greeting (i.e. doesn’t address the customer directly by name).

This is not the first Netflix based scam MailGuard has seen recently. Netflix is a popular and well trusted company with an immensely large customer database, so their branding makes a good lure for cybercriminals looking to deceive people. 

If you see an email from Netflix, please exercise caution and make sure it is a legitimate communication before you open it. Please share this alert with your social media network to help us make the people aware of the threat.

What to do if you receive such emails

As a precaution, avoid clicking links in emails that:

  • Are not addressed to you by name, have poor English or omit personal details that a legitimate sender would include
  • Are from businesses you’re not expecting to hear from.
  • Ask you to download any files

Take you to a landing page or website that does not have the legitimate URL of the company the email is purporting to be sent from. 

MailGuard urges email users to remember that cybercriminals prey on the brands that we trust and love, like Netflix. It's wise to always be skeptical of messages from unfamiliar senders asking you to log into your accounts.

Defend your inbox

Even the most experienced and savvy email users can have a moment of haste, carelessness or fatigue when their guard is down. Just practising good common sense isn’t enough anymore, because for scammers it’s a numbers game; they know that if they keep sending their scams, sooner or later we will slip up and do something we shouldn’t.

Phishing scams can be enormously costly and destructive, and new scams are appearing every day. Don’t wait until it happens to you or someone in your business; take action to protect your inboxes, now.

Speak to the MailGuard team today to learn more how MailGuard's predictive and advanced email security can help protect your business for a few dollars per staff member per month. 

Talk to a solution consultant at MailGuard today about securing your company's network. 

Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.

Keep Informed with Weekly Updates