Do not fall for the latest Netflix scam targeting 110 million subscribers

The total number of Netflix subscribers reached a staggering 110 million in 2017. Sadly, we have bad news for every single one of them. Security researchers have come across a new email scam targeting Netflix users. They classify it as a phishing attack because the purpose of the scam is to trick users into providing personal details so that the cyber criminals behind the campaign can then easily get at their money. It is not the first attempt to steal personal details and money from users of this leading Internet television network. Similar phishing attacks took place in December and August of 2016 and in January of 2017. The most recent phishing attack is unlikely to be the last one either, so keep in mind that Netflix never sends emails requesting personal details such as your credit card number, PIN, direct debit account, social security number, tax identification number, identification number, or your account password.

The recent scam targeting Netflix subscribers differs from the phishing attacks researchers came across last year and at the beginning of 2017. According to the specialists who analyzed it, it is very well designed and extremely convincing. Specifically, the cyber criminals behind the campaign send individualized emails (subject line: “Your suspension notification”) carrying Netflix logos. They evidently put a lot of effort into making the campaign look legitimate. The phishing email was designed to contain the recipient’s name, but something clearly went wrong, because users receive emails with the greeting “Hi #name#” instead: an unfilled template placeholder is one of the first signs that the message is nothing more than a scam. Consequently, if you check your email and find a message from Netflix claiming that your membership will be suspended unless you update your billing information (“We were unable to validate your billing information for the next billing cycle of your subscription therefore we’ll suspend your membership if we do not receive a response from you within 48hours”), ignore it no matter how convincing it looks.

The main purpose of this phishing attack is, as you should already know, to obtain personal details that would allow cyber criminals to steal money from users’ bank accounts, so it is not surprising at all that the fabricated email tells users to restart their memberships immediately to “continue to enjoy all the best TV shoes & movies without interruption.” When the RESTART MEMBERSHIP button is clicked, a bogus Netflix page hosted on a compromised WordPress blog opens. It looks exactly like the original website, but one symptom still gives it away as fake – the URL in the address bar. Unfortunately, not all users pay attention to the URL at the top of the browser, so they log in without hesitation. Once the login and password are entered, the “Update Your Billing Information” page appears. It asks users to provide their full name, date of birth, billing address, credit card details, zip code, and more. The chances are very high that the provided information will be used to gain access to victims’ bank accounts and credit cards, and if so, their money might be stolen. Finally, when all details have been provided, users see the “Your Membership Has Been Reactivated” screen. At this point, all of the user’s personal details are already in the cyber criminals’ hands. Unfortunately, there is not much users can do once they have handed sensitive information to cyber criminals, so we have only one recommendation: contact your bank as soon as possible. Most likely, you will need to close your bank account or take other security measures.

Phishing attacks targeting ordinary computer users are not rare, so you should be more cautious from now on. First, always hover your mouse over links in emails and check their URLs carefully before clicking on them; the destination the link actually points to is what counts, not the button text. If a URL looks suspicious or unfamiliar, do not open it. Second, experts say that 9 out of 10 cyber attacks take place via email, so be careful with every email you receive and keep in mind that trustworthy companies will never ask you to provide personal details, financial details, or logins and passwords via email. Third, genuine emails from a bank are very unlikely to contain typos or odd symbols, so messages with many mistakes, all-capital letters, or a string of exclamation marks are a red flag. Finally, always check the address an email was actually sent from, not just the display name. Emails whose sender addresses raise suspicions should not be opened.
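The checks above (sender address, link destination, unfilled “#name#” placeholder, urgency wording) can be automated for a mail gateway or a personal triage script. The following Python script is an added example written for this article, not code from the article’s authors or from Netflix. It assumes that a genuine message is sent from and links to netflix.com only (the TRUSTED_DOMAINS set is an assumption), and both sample messages are constructed for the demonstration, with .example hosts in place of any real address.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption for this example: genuine Netflix mail is sent from and links to this domain only.
TRUSTED_DOMAINS = {"netflix.com"}
# Pressure wording quoted by the article from the scam message.
URGENCY_PHRASES = ("suspend your membership", "within 48hours", "restart membership")
# Unfilled mail-merge placeholders such as "#name#".
PLACEHOLDER_RE = re.compile(r"#\w+#")


class BodyExtractor(HTMLParser):
    """Collect the visible text and every (href, anchor text) pair from an HTML body."""

    def __init__(self):
        super().__init__()
        self.text = []
        self.links = []
        self._href = None
        self._anchor = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._anchor = []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._anchor.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._anchor).strip()))
            self._href = None


def registered_domain(host):
    """Reduce a hostname to its last two labels: 'www.netflix.com' -> 'netflix.com'.
    Simplification: a public-suffix list would be needed for names like 'example.co.uk'."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def analyze_email(raw):
    """Return a list of (category, detail) findings for one RFC 822 message string."""
    msg = message_from_string(raw)
    findings = []

    # 1. Sender: the display name may say "Netflix", so judge the address's domain instead.
    _, sender = parseaddr(msg.get("From", ""))
    sender_domain = registered_domain(sender.rsplit("@", 1)[-1]) if "@" in sender else ""
    if sender_domain not in TRUSTED_DOMAINS:
        findings.append(("sender", f"From domain '{sender_domain}' is not a trusted domain"))

    # 2. Body text: unfilled template placeholders and urgency wording.
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
    parser = BodyExtractor()
    parser.feed(body)
    text = " ".join("".join(parser.text).split())  # collapse whitespace
    for placeholder in PLACEHOLDER_RE.findall(text):
        findings.append(("placeholder", f"unfilled merge field {placeholder!r} in body"))
    for phrase in URGENCY_PHRASES:
        if phrase in text.lower():
            findings.append(("urgency", f"pressure wording: {phrase!r}"))

    # 3. Links: the destination host, not the button text, decides where a click goes.
    for href, anchor in parser.links:
        host = urlparse(href).hostname or ""
        if registered_domain(host) not in TRUSTED_DOMAINS:
            findings.append(("link", f"'{anchor}' points to untrusted host {host}"))
    return findings


def is_suspicious(raw):
    return bool(analyze_email(raw))


# Constructed sample modelled on the scam described in the article (hosts are placeholders).
SAMPLE_SCAM = """\
From: Netflix <support@netflix-billing-update.example>
To: subscriber@example.net
Subject: Your suspension notification
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Hi #name#,</p>
<p>We were unable to validate your billing information for the next billing cycle
of your subscription therefore we'll suspend your membership if we do not receive
a response from you within 48hours.</p>
<p><a href="http://compromised-blog.example/wp-content/login">RESTART MEMBERSHIP</a></p>
</body></html>
"""

# Constructed benign sample for comparison.
SAMPLE_GENUINE = """\
From: Netflix <info@netflix.com>
To: subscriber@example.net
Subject: Your monthly receipt
Content-Type: text/html; charset="utf-8"

<html><body><p>Hi Jane,</p>
<p>Your receipt is ready. <a href="https://www.netflix.com/account">View your account</a></p>
</body></html>
"""

if __name__ == "__main__":
    for name, raw in (("scam", SAMPLE_SCAM), ("genuine", SAMPLE_GENUINE)):
        print(name, "->", "suspicious" if is_suspicious(raw) else "clean")
        for category, detail in analyze_email(raw):
            print("  ", category, ":", detail)
```

On the constructed scam message the script reports all four categories (sender, placeholder, urgency, link), while the benign message produces no findings. Any single category alone is only a weak signal (legitimate mail is sometimes sent via third-party domains, and "suspend" appears in honest notices), so a gateway would normally weight and combine them rather than block on one hit.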