Many email scams are rather crude and easy to spot, but they’re getting more sophisticated all the time. You might think there’s no way you’ll ever be fooled, but a fleeting moment of distraction or break in concentration might lead you to click on a link you shouldn’t, and who knows where you might end up after that.
The latest such scam to come to our attention has Netflix members in its sights — all 109 million of them — and it looks pretty genuine at first glance.
Picked up by Australian web and email security firm MailGuard, the subject line of the email reads “Your suspension notification.”
If the email makes it through your filters and into your inbox and you decide to take a look, you’ll see that the scammers are trying to make you believe Netflix is having an issue validating your billing information.
A note declaring that your Netflix account will be suspended if you don’t respond within 48 hours aims to persuade you to click on the “restart membership” button at the end of the message.
It’s all baloney.
Click on the link and, surprise surprise, you’ll end up on a fake Netflix site where you’ll be asked to enter your login details along with other personal details, including your credit card information.
Once the scammers have all the data they’re after, the tricked Netflix subscriber is shown the message, “Your membership has been reactivated.”
In a statement issued on Monday, Netflix insisted it takes members’ online security seriously, and that it “employs numerous proactive measures to detect fraudulent activity to keep the Netflix service and our members’ accounts secure.”
The video-streaming giant added: “Unfortunately, these scams are common on the internet and target popular brands such as Netflix and other companies with large customer bases to lure users into giving out personal information.”
As usual, always be sure to double-check any email purporting to be from a company that you have a relationship with, especially if it’s asking you to click on a link within the message. Ignore the “sender” name and look for the actual email address that the sender is using (check it letter for letter, including the top-level domain that comes after the final dot) so that you can confirm their identity. You can do this by hovering over the sender’s name, though some email clients will display the actual address as well.
If you’re still not sure, you can open a new browser page and log in to the service from its homepage to check for messages via your account page, or simply contact the company directly about the issue mentioned in the email to find out if it’s genuine.
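The sender check described above (ignore the display name, compare the actual address letter for letter, top-level domain included) can be automated for a mailbox or filter. The following is an added example, not code from the article, MailGuard or Netflix; the `TRUSTED_DOMAINS` list, the `check_sender` helper and every sample header are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: the domains the genuine sender uses; set this per brand.
TRUSTED_DOMAINS = {"netflix.com"}


def check_sender(from_header, brand="netflix", trusted=TRUSTED_DOMAINS):
    """Classify a raw From header value; returns (verdict, address)."""
    # parseaddr splits the display name from the actual address.
    display, addr = parseaddr(from_header)
    addr = addr.strip().lower()
    if addr.count("@") != 1:
        return ("unparseable", addr)
    domain = addr.split("@")[1].rstrip(".")
    # Exact match on the domain, or a true subdomain of it. The leading
    # dot stops "notnetflix.com" from passing as "netflix.com".
    if any(domain == d or domain.endswith("." + d) for d in trusted):
        return ("match", addr)
    # Encoded (xn--) or non-ASCII labels can render like ordinary letters,
    # so a visual comparison is not enough for them.
    labels = domain.split(".")
    if not domain.isascii() or any(l.startswith("xn--") for l in labels):
        return ("encoded-domain", addr)
    # The message claims the brand but the address does not belong to it.
    if brand in display.lower() or brand in addr:
        return ("brand-mismatch", addr)
    return ("unrelated", addr)


# Constructed sample headers, not taken from the real campaign.
SAMPLES = [
    "Netflix <info@mailer.netflix.com>",
    "Netflix <billing@netflix.co>",
    "Netflix <support@netflix.com.example.net>",
    "Account Team <no-reply@notnetflix.com>",
    "Netflix <help@xn--constructed.example>",
    "Newsletter <news@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(check_sender(header)[0].ljust(15), header)
```

A "match" only says the address is spelled correctly; the From header itself can be forged, so logging in from the service's homepage remains the confirming step.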