The U.S.’s Federal Trade Commission has identified a new “phishing” scam targeting Netflix customers — and issued a warning to consumers to be on guard if they’ve received an email purportedly from the streamer requesting updated payment info.
In a blog post Wednesday (Dec. 26), the FTC shared a screenshot captured by police in Ohio of a phishing email designed to steal personal information (below). The email claims the recipient’s Netflix account is “on hold” because the company is “having some trouble with your current billing information” and urges the user to click on a link to update their payment details. The phishing scam also listed an international phone number.
The FTC said consumers should closely examine suspicious-seeming emails, with clues like bad grammar and spelling helping to indicate that it’s an illegal phishing scam. In the Netflix example, for instance, the scammer used the British spelling of “center” (“centre”) and the email is addressed “Hi Dear” instead of with an actual name.
Here’s the screenshot of the Netflix phishing email posted by the FTC:
In a statement, a Netflix rep said, “We take the security of our members’ accounts seriously and Netflix employs numerous proactive measures to detect fraudulent activity to keep the Netflix service and our members’ accounts secure. Unfortunately, scams are common on the internet and target popular brands such as Netflix and other companies with large customer bases to lure users into giving out personal information.”
Netflix said customers can get more info to protect themselves against phishing scams and other malicious activity at netflix.com/security or contact its customer service department directly.
Netflix isn’t unique in being targeted by internet criminals with phishing scams, nor is the account-verification ruse unusual. Scammers have sent spam masquerading as account-verification emails from Apple, Facebook, Amazon, Walmart and Google’s Gmail designed to steal personal info.
The FTC advises consumers who have received any questionable email to contact the company directly (not by clicking on the link in the email, which could result in malware being installed on their devices).
The FTC said consumers can report phishing scams at ftccomplaintassistant.gov or by forwarding them to the agency’s firstname.lastname@example.org address and to email@example.com, which is used by the Anti-Phishing Working Group, a coalition of internet service providers, security vendors, ﬁnancial institutions, and law enforcement agencies. In addition, the FTC recommends alerting the impersonated party (for Netflix, it says you can forward the message to firstname.lastname@example.org).