Netflix subscribers have regularly reported receiving suspicious emails that claim their membership must be revalidated and sensitive information should be provided in order to do so. The email scam attempts to steal information from subscribers.
Wired reported that the scam appears to date back to at least January 2017. In such scams, an email instructs subscribers to enter billing information, like credit card numbers, on the Netflix website via a link that takes them to their account on the site’s page -- but the link doesn’t actually go to a real Netflix web page. Instead, internet users are directed to a fraudulent site.
The email, which warns subscribers of potential account suspension in bold letters, reads: “We were unable to validate your billing information for the next billing cycle of your subscription therefore we’ll suspend your membership if we do not receive a response from you in 48 hours.”
Netflix customers have been targeted by scammers before. Netflix itself says such scams happen often.
“Unfortunately, these scams are common on the internet and target popular brands, such as Netflix and other companies, with large customer bases to lure users into giving out personal information,” a Netflix official said in a statement to Wired in November 2017.
Netflix’s website encourages customers to hover their computer cursors over a link to see the website’s URL. Oftentimes, a URL can determine a webpage’s sponsor.
“If you’re unsure about a link in an email, you can always hover your cursor over the link to see where it directs in which you can see the real linked web address at the bottom of most browsers,” according to the Netflix website.
The company said it does not ask for any personal information to be sent to over email, including account passwords, Social Security numbers or credit/debit card information.
Wired suggests taking these steps to find out more about a sender if you’re suspicious of an email:
To confirm who really sent an email, click on the downward arrow next to the sender's name in Gmail. It'll expand to show the full info. Hover over any links to confirm that they lead to the URLs they claim. Make account changes by navigating, on your own, to a site itself, and log in there instead of going through an email link. Don't reuse passwords.