Australian Netflix users are being urged to delete a “smart” scam email that could pinch your log-in credentials as well as your bank details.
And experts are warning it is the most sophisticated “phishing” email to date.
In the latest scam, subscribers are sent an email with the subject line: “Netflix Membership on Hold”.
It asks recipients to validate their Netflix information by clicking on a link in the email, which then takes you to a fake sign-in website almost identical to the real Netflix page.
When you “sign in”, the fake site feeds the username and password you provide to the real Netflix service to retrieve your details.
An “account verification” page follows with the first and last name fields pre-populated from the company’s website, making you think it’s legitimate.
The data is authentic, the site isn’t.
But unlike normal phishing attempts, scammers go a step further to access your financial accounts and potentially steal your identity.
Victims are then prompted to update their billing information including credit card details.
The fake website identifies your financial institution based on your credit card number and accordingly asks for additional authentication using either “MasterCard SecureCode” or “Verify with Visa”.
How to safeguard yourself
Common sense is often the answer, according to experts, as scammers manipulate people through panic.
But there are a few foolproof ways to identify a fake website.
“The really obvious thing is that the URL won’t be quite right,” said Tech and Telco editor at finder.com.au Alex Kidman.
“It will try and make itself look like Netflix but the URL in the address bar will not correlate directly to Netflix.”
He said to be careful if you are browsing on your mobile, where the URL of the website may not display immediately.
“The key thing for people to keep themselves safe is to realise, if you get something that says you must take immediate action, the most sensible thing you can do is open up a fresh browser and log in to the service yourself,” he said.
“If there is a genuine problem with your account they will waste no time letting you know whether your account is going to be suspended. If your billing information is out of date they will let you know because it’s in their interests to do so.
“They want to keep you as a customer so if it comes up there then the email was legit but nine out of 10 times it won’t.
“An awful lot of firms just don’t do these kinds of email communications anymore because of this exact problem.”
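The address-bar check described above can also be written down as a rule. The Python below is an added example, not part of the original article: it pulls out the host a browser would really contact and compares it with netflix.com. The function name `classify_link`, the digit-swap table and every sample link (all on reserved `.example` hosts) are constructed for illustration.

```python
from urllib.parse import urlsplit

TRUSTED = "netflix.com"   # assumption: the only domain this example accepts
BRAND = "netflix"
# Digit-for-letter swaps seen in lookalike names (illustrative, not exhaustive).
SWAPS = str.maketrans({"0": "o", "1": "i", "3": "e", "5": "s"})


def classify_link(url):
    """Return 'genuine', 'suspicious' or 'unrelated' for an absolute URL."""
    try:
        parts = urlsplit(url.strip())
        # .hostname drops any "user@" prefix and port, and is lower-cased.
        host = (parts.hostname or "").rstrip(".")
    except ValueError:                 # malformed authority section
        return "suspicious"

    # Genuine only if the host IS the trusted domain or a subdomain of it.
    # The leading dot matters: "evilnetflix.com" must not pass.
    if parts.scheme == "https" and (host == TRUSTED or host.endswith("." + TRUSTED)):
        return "genuine"

    # Text before "@" is never the destination, but it is shown to the reader.
    userinfo = parts.netloc.rpartition("@")[0].lower()
    squashed = host.translate(SWAPS).replace("-", "")
    if BRAND in squashed or BRAND in userinfo:
        return "suspicious"            # brand name used on a foreign host
    if any(label.startswith("xn--") for label in host.split(".")):
        return "suspicious"            # punycode host, may render as lookalike letters
    return "unrelated"


# Constructed sample links, not taken from the real campaign.
SAMPLES = [
    "https://www.netflix.com/login",
    "https://netflix.com.account-verify.example/login",
    "https://www.netflix.com@billing.example/update",
    "https://netfl1x-support.example/",
    "http://www.netflix.com/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):<10} {link}")
```

Only the first sample is classed as genuine; the others either put the brand name in front of a different registered domain, hide the real host after an “@”, swap a digit for a letter, or drop HTTPS.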
Email scams in Australia
This type of scam is by no means unique to Netflix, with several recent fake emails entering Australians’ inboxes.
Scams impersonating Australia Post, the Australian Federal Police and Facebook are just a few of the latest we’ve seen.
“The reality of sending out an email like that is that you can send out tens of thousands or millions of emails for a very low cost very easily,” Mr Kidman said.
“The whole business model they’ve got is not built around the idea that everyone will click, they only need a very small number of people to panic and then they’ve made money.”