- What you need to know about the data breach of 773 email addresses 1 Year Ago
- Senators fear government shutdown may affect FTC investigation of Facebook Today 3:43 PM
- Buy beer for a furloughed government worker with this new website Today 3:19 PM
- Alexandria Ocasio-Cortez is teaching Congress how to tweet Today 2:42 PM
- Congressmen held genetics meeting with Chuck Johnson, despite his past racist claims about genetics Today 2:26 PM
- Female bodyguard thriller ‘Close’ is disappointingly un-thrilling Today 2:01 PM
- Twitter faces backlash for insensitive ‘triggers’ joke Today 1:13 PM
- 10 user-recommended sites for live tarot readings that are almost too good to be true Today 12:08 PM
- AsapSCIENCE comes for Jake Paul over Mystery Brand scam Today 11:34 AM
- Why ‘I never thought of it like that’ can actually be deeply offensive Today 11:26 AM
- Save 40% on the Fire TV Stick 4K when you rent textbooks through Amazon Today 11:05 AM
- Netflix reportedly used real disaster footage in ‘Bird Box’ Today 10:53 AM
- Holocaust denier Chuck Johnson spotted with 2 congressmen in Capitol Today 10:30 AM
- YouTuber who made popular Darth Vader fan film prevails in copyright fight Today 10:09 AM
- Mariah Carey says she ‘doesn’t acknowledge time’ in her 10-year challenge photos Today 10:06 AM
Avoid pressing any attachments and links contained in emails.
Stay away from unexpected Netflix emails: They may be tricking you into handing over your credit card information.
Netflix is warning customers about what may be the most sophisticated phishing scam yet. First discovered by Australian email security company MailGuard, the zero-day scam uses Netflix branding and webpage style to coax users into giving away credit card details. The email shows “Netflix” as the sender and the subject area alerts recipients that their card information was declined.
“Hi. We have attempted to authorize the Amex card you have on file but were unable to do so,” the email reads. “We will automatically attempt to recharge your card again in 24-48 hours. Update the expiry date and CVV (card verification value) of your Amex card as soon as possible so you can continue using it with your account. We’re here to help if you need it. Visit the Help Centre for more info or contact us. – Your Friends at Netflix.”
An image of the phony email was posted to Twitter by the New South Wales Police Force in Australia.
— NSW Police (@nswpolice) January 10, 2018
The deceptively pleasant message includes an “update payment” button that directs users to a credit card information portal with blanks for email address, card number, expiration date, and CVV number. Once a user submits their information, the scam redirects them to Netflix’s homepage to ease any potential concerns. The longer users are unaware of the theft, the longer scammers can continue taking advantage of any ill-gotten personal information, so keeping people in the dark is just as important as gaining access to their info in the first place.
Reports say “thousands” of users have been affected so far. The scam has reached people in Australia and the U.K., but it’s not clear if any U.S. customers have received any of these emails.
We’ve seen this very scheme before. In September, an email circulated that told customers their accounts were disabled because of a billing error. It too asked users to update their credit card and bank account info. Compared to that attempt, this one is miles ahead in terms of its ability to convince victims. Nothing is misspelled, the spacing is spot on, and its phrasing isn’t nearly as aggressive (though “as soon as possible” is a definite red flag).
There are several best practices you can follow to protect yourself from these increasingly effective attacks. First, avoid clicking links in emails unless you’re 100 percent certain they’re legit. Also, never click on a shortened URL from an unverified source. For more on phishing attacks and ways to protect yourself, check out our comprehensive guide.
A spokesperson at Netflix didn’t address the latest incident directly but provided the Daily Dot with a generic statement about phishing attacks.
“We take the security of our members’ accounts seriously and Netflix employs numerous proactive measures to detect fraudulent activity to keep the Netflix service and our members’ accounts secure. Unfortunately, scams are common on the internet and target popular brands such as Netflix and other companies with large customer bases to lure users into giving out personal information.
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.