Akankasha Dewan 25 March 2020 14:14:16 AEDT

Phishing email spoofing Netflix threatens to suspend membership; asks users for photo ID

Netflix users, don’t be alarmed if you receive an email threatening to suspend your membership and prohibiting you from watching your favourite TV shows. The popular entertainment company has once again been spoofed by cybercriminals in a phishing email scam.

MailGuard detected these malicious emails infiltrating inboxes across Australia. They use a display name of ‘Support’ and are titled ‘We have a problem with your account’, as per the below screenshot.


The message body includes the Netflix logo and is titled ‘Please update your payment details’. It informs recipients that their membership will be suspended unless they update their billing information. A link is provided for them to do so.

Here is a screenshot of the email: 


Netflix email zoomed

Unsuspecting recipients who click on the link are led to a fake Netflix-branded login page which directs them to log in to their accounts. This is actually a phishing page.

Here’s a screenshot of the page: 

Netflix Login Page

Upon ‘logging in’, users are led to another page featuring Netflix branding. This page is titled ‘Update Your Billing Information’ and asks users for their billing details like their address and phone number.

Here is a screenshot of the page:

Netflix billing information

Upon filling in all the fields and clicking ‘update billing address’, users are shown a new page titled ‘Validate Your Payment Information’:

Netflix payment info-1

Having updated their payment method, users are then led to another page that asks them for their photo ID:

netflix photo ID

Having updated their ID, users are finally redirected back to the actual Netflix website.

The sole purpose behind this elaborate scam is to steal Netflix users’ email addresses and passwords, along with their credit card & other personal details. This particular scam also asks for users’ photo ID, allowing cybercriminals to commit identity theft more easily.

Multiple techniques are employed in this scam to trick users. These include an urgent subject line designed to evoke alarm and panic among recipients who, thinking there actually is a ‘problem’ with their account, may be motivated to take action quickly without pausing to think of the email’s legitimacy.

Also, as you can see from the fake log-in page above, cybercriminals have taken great pains to incorporate the exact colour scheme, logo, fonts and popular images commonly found in Netflix pages in a bid to convince the user that the email is actually originating from the entertainment company. Interestingly, in all of the pages, the words ‘Secure Server’ along with the symbol of a lock are included - this only adds to the sense of legitimacy evoked by the email.

However, while the email incorporates the branding and logo of the company, it contains several red flags for anyone who is vigilant enough to spot fake email scams.

Firstly, there are several formatting errors within the body, such as a black footer at the bottom of the email. In addition, the email doesn’t address recipients directly, and the email address provided in the ‘from’ field also doesn’t include the Netflix domain.

Netflix is a regular target for cybercriminals. With more than 158 million paid streaming subscribers worldwide, there’s a high likelihood that many of those receiving the email are subscribers and that a portion of those will be too time-poor to check the details in the email. Netflix was also targeted with similar scams reported by MailGuard in December, September and November last year.

MailGuard urges all recipients of this email to delete it immediately without clicking on any links. If you see an email from Netflix, please exercise caution and make sure it is a legitimate communication before you open it. Please share this alert with your social media network to help us make people aware of the threat.

To reduce the risk of being tricked by one of these scams, you should immediately delete any emails that:

  • Appear to be from a well-known organisation, typically a bank or service provider, are not addressed to you by name, and may include poor grammar.
  • Ask you to click on a link within the email body in order to access their website. If unsure, call the company directly and ask whether the email is legitimate.
  • Offer money, reward or gift to entice you to hand over your personal details
  • Ask you to submit personal information that the sender should already have access to or should not be requesting from you in the first place
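
The red flags noted earlier for this email (a ‘from’ address outside the Netflix domain, no direct address to the recipient) and the link advice in the list above can be checked mechanically. The following is an added example, not MailGuard's detection logic; the sample message, its addresses and URL, the `BRAND_DOMAINS` list and the greeting heuristic are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

BRAND = "netflix"
BRAND_DOMAINS = ("netflix.com",)  # assumption: domains accepted as the real brand
GENERIC = r"customer|user|member|subscriber"  # assumption: non-personal salutations

# Constructed sample modelled on the email described above.
# The sender address and link are placeholders, not values from the campaign.
SAMPLE = """\
From: Support <billing@mail.example.net>
To: user@example.org
Subject: We have a problem with your account

NETFLIX
Please update your payment details
Your membership will be suspended unless you update your billing information.
Update now: http://login.example.net/netflix/update
"""

def in_brand(host):
    """True only for the brand domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def red_flags(raw):
    msg = message_from_string(raw)
    body = b"\n".join(p.get_payload(decode=True) or b"" for p in msg.walk()
                      if p.get_content_maintype() == "text").decode("utf-8", "replace")
    claimed = " ".join([msg.get("From", ""), msg.get("Subject", ""), body]).lower()
    if BRAND not in claimed:
        return []  # message does not present itself as the brand
    flags = []
    # 1. 'From' address domain is not the brand's domain, whatever the display name says
    if not in_brand(parseaddr(msg.get("From", ""))[1].rpartition("@")[2]):
        flags.append("sender-domain-mismatch")
    # 2. No salutation that addresses the recipient by name
    if not re.search(rf"^(?:hi|hello|dear)\s+(?!{GENERIC})\w+", body, re.I | re.M):
        flags.append("no-personal-greeting")
    # 3. A link in the body leads somewhere other than the brand's domain
    hosts = [urlparse(u).hostname for u in re.findall(r"https?://[^\s\"'<>]+", body)]
    if any(not in_brand(h) for h in hosts):
        flags.append("link-outside-brand-domain")
    return flags

if __name__ == "__main__":
    print(red_flags(SAMPLE))
```

The suffix match in `in_brand` is deliberate: a host such as `netflix.com.example.net` contains the brand name but is not a subdomain of it, so it is still flagged.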

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

One email is all that it takes

All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network.
