email scam

Internet phishing and email scams are an on-going problem that plagues online businesses and consumers. The latest email scam to make the news involves Netflix customers. The convincing-looking email attempts to trick subscribers into handing over valuable credit card information. While it appears that the email is an official communication from Netflix, it is not.

What To Look For

Suspect emails arrive in your email inbox with the subject line of “Payment declined.” The scammers are using the official Netflix logo and shows “Netflix” as the sender.  The body of the email reads:

We attempted to authorize the Amex card you have on file but were unable to do so.

email scam

We will automatically attempt to charge your card again within 24-48 hours. Update the expiry date and CVV (card verification value) for your Amex card as soon as possible so you can continue using it with your account.

The email also has an official looking “Update Payment” link. People should not click that link. It will take the email recipient to a malicious website that is designed to look like an official Netflix page. The scam was initially noticed by MailGuard, who says:

The phishing page is designed to operate like a legitimate login portal. It asks for card details and password verification, then ejects the scam victim to a real Netflix page to allay suspicion.

Why This Email Scam is Dangerous

Normally, phishing email scams are fairly easy to spot because they generally contain multiple common spelling or grammatical errors. The Netflix scam is particularly dangerous because it is missing the telltale signs of regular email scams.

McAfee fellow and chief scientist, Raj Samani said of the scam:

It is extremely concerning to hear that thousands of Netflix customers could have been hit by a somewhat sophisticated phishing scam.

Then he adds that this kind of con is far more prevalent than you’d think.

Yet, sadly it isn’t all surprising. Phishing attacks remain the most common method of manipulating individuals into clicking on links and ultimately installing malicious content onto their systems.

After all, when an email appears to come from a brand we trust, we let our guards down.

Taking advantage of trusted, well-known brands attempts to leverage the use of authority, resulting in the incoming messages to appear trusted to the consumer.

Reassurances From Netflix

In a statement from Netflix, they have confirmed that they will not communicate with customers via email. They will not request any of their personal information, passwords, or payment information. Additionally, Netflix warns:

Never enter your login or financial details after following a link in an email or text message. If you’re unsure if you’re visiting our legitimate Netflix website, type www.netflix.com directly into your web browser.

Never click on any links or open any attachments in an email or text message you received unexpectedly, regardless of the source.

If you suspect an email or text message is not from Netflix, do not reply to it.

If you feel that you have been the recipient of an email phishing scam, please visit the official Netflix Help Center to report it.

As with any suspicious email, never follow offered links. Always go to a new page in your browser. Manually type in the site address for the business, then log into your account via their secure network.

Featured image courtesy of MailGuard