Phishing email scam spoofs Netflix again; claims accounts are on ‘hold’

Posted by Akankasha Dewan on 6 November 2019 at 16:36:54 AEDT

Last week, we intercepted a phishing email scam purporting to be from Netflix. It asked users to update their payment information via a malicious link.

Now, a similar email scam is infiltrating inboxes - this time tricking Netflix users by claiming their accounts have been put on hold.

First detected on the 5th of November, the emails use a display name of ‘NETFLIX’. To appear legitimate, the cybercriminals behind them forged a sending address containing the Netflix domain. The emails actually come from a compromised server.

The malicious email is titled ‘Your Netflix Membership is on hold’ and uses the Netflix logo and branding within its body to appear legitimate. The email claims that Netflix recently failed to validate the payment information it holds on record for the recipient’s account. Therefore, a ‘brief validation process’ is required in order to verify the user’s billing and payment details. A link is provided for the user to validate his or her membership.

Here is a screenshot of the email:

[Screenshot: the phishing email]

Unsuspecting recipients who click on the link to ‘validate membership’ are led to a fake Netflix-branded login page that asks for their email and password:

[Screenshot: fake Netflix-branded login page]

Once users enter their email address and password, they are sent to another page that asks them to update their ‘billing information’, as per the below:

[Screenshot: ‘billing information’ page]

Having filled out the form to update their billing information, users are then directed to a page to validate their payment information, which includes fields for filling out credit card information and answering the security question "Mothers maiden name?". Here is a screenshot of the page:

[Screenshot: payment information page]

Clicking on ‘update payment method’ after filling out all the fields leads the users to a confirmation page titled ‘your account has been updated’. A link is provided for the users to ‘continue to login’ which leads to the actual Netflix login page.

[Screenshot: ‘your account has been updated’ confirmation page]

The sole purpose behind this elaborate scam is to steal Netflix users’ email addresses and passwords, along with their credit card details.

As you can see from the fake log-in page above, cybercriminals have taken great pains to incorporate the exact colour scheme, logo, fonts and popular images commonly found in Netflix pages in a bid to convince the user that the email actually originates from the entertainment company. It is also interesting to note that the process to verify billing details uses a ‘secure server’ and is multi-staged, requiring various details like a user’s ‘mother’s maiden name’. This only adds to the sense of legitimacy evoked by the email, as such a detailed and secure process is expected of a well-established company like Netflix. All this serves to elicit a more confident response from recipients who think they are, in fact, making their accounts more secure by clicking on the provided link and entering their confidential login details.

However, while the email incorporates the branding and logo of the company, it contains several red flags for anyone who is vigilant enough to spot fake email scams.

Firstly, there are several grammatical and spelling errors within the body, such as “we need a brief validation process”. Spacing errors are also present throughout the email, a trait that is not likely to be present if the email were, in fact, being sent from a well-established organisation such as Netflix.

This is not the first Netflix-based scam MailGuard has seen recently. Netflix is a popular and well-trusted company with an immensely large customer database, so its branding makes a good lure for cybercriminals looking to deceive people.

If you see an email from Netflix, please exercise caution and make sure it is a legitimate communication before you open it. Please share this alert with your social media network to help us make people aware of the threat.

What to do if you receive such emails

As a precaution, avoid clicking links in emails that:

  • Are not addressed to you by name, have poor English or omit personal details that a legitimate sender would include
  • Are from businesses you’re not expecting to hear from
  • Ask you to download any files
  • Take you to a landing page or website that does not have the legitimate URL of the company the email is purporting to be sent from

MailGuard urges email users to remember that cybercriminals prey on the brands that we trust and love, like Netflix. It's wise to always be skeptical of messages from unfamiliar senders asking you to log into your accounts.
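The checks described above (a forged Netflix sending address on mail that really comes from another server, and links that lead away from the legitimate URL) can be automated. The following is an added Python example, not MailGuard's code; it runs over a constructed sample message, and the addresses, hostnames and flag names in it are assumptions.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND = "netflix.com"  # domain the message claims to be from

# Constructed sample, not the real campaign's message; hosts and addresses are placeholders.
SAMPLE = """\
Return-Path: <bounce@compromised-host.example>
Authentication-Results: mx.recipient.example; spf=fail; dkim=none; dmarc=fail header.from=netflix.com
From: NETFLIX <info@netflix.com>
Subject: Your Netflix Membership is on hold
Content-Type: text/html; charset="utf-8"

<html><body><a href="http://login.phish-site.example/validate">Validate membership</a>
<a href="https://www.netflix.com/help">Help</a></body></html>
"""

def in_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def addr_domain(header_value):
    """Domain part of the address in a From/Return-Path style header."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

class LinkHosts(HTMLParser):
    """Collects the hostname of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href:
            self.hosts.append(urlsplit(href).hostname or "")

def red_flags(raw, brand=BRAND):
    msg = email.message_from_string(raw, policy=policy.default)
    flags = []
    # Visible From claims the brand, but bounces go elsewhere (a hint, not proof).
    if in_domain(addr_domain(msg["From"]), brand) and not in_domain(addr_domain(msg["Return-Path"]), brand):
        flags.append("return-path-outside-brand")
    # Trust this header only when your own receiving server added it.
    if "dmarc=pass" not in str(msg.get("Authentication-Results", "")).lower():
        flags.append("dmarc-not-pass")
    body = msg.get_body(preferencelist=("html",))
    links = LinkHosts()
    links.feed(body.get_content() if body else "")
    flags += ["off-brand-link:" + h for h in links.hosts if not in_domain(h, brand)]
    return flags
```

A Return-Path outside the brand domain is only a hint, since legitimate bulk mail often bounces to a separate domain; the DMARC result and the link hosts carry more weight.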

Is your business receiving criminal intent emails?

It's time to get the protection your business needs. 

Cybercriminals use email scams to infiltrate organisations with malware and attack them from the inside. All criminals need to break into your business is a cleverly-worded message. If they can trick one person in your company into clicking on a malicious link they can gain access to your data.

Speak to the MailGuard team today to learn more about how MailGuard's predictive and advanced email security can help protect your business for a few dollars per staff member per month.

Talk to a solution consultant at MailGuard today about securing your company's network. 

 
