Netflix fake email scam: welcome to 'smart phishing' | ACMA


Our recent scam alert about a Netflix ‘phishing’ email highlights the increasing sophistication of scammers and the need for consumers to always be on their guard.

In this scam, emails were being sent with the common subject line of ‘Netflix Membership On Hold’. The email asks the recipient to revalidate their Netflix information by clicking on a link in the email, which takes them to a fake sign-in page almost identical to the real Netflix page.

The scam targets Australian and overseas Netflix users, trying to steal not only their Netflix credentials but their credit card details and personal information. That means the scammers can access your financial accounts and potentially steal your identity.

The fake sign-in page is extremely convincing (even including an image from the TV series Daredevil) and is an excellent example of ‘smart phishing’—a scam that dynamically adapts to your online interactions and prompts you for your data in a clever and realistic way. These scams seamlessly replicate the experience of using a company’s legitimate website, whether it is being accessed through a smartphone, tablet or desktop computer.

Here’s how the Netflix scam works:

  • When you ‘sign in’, the fake website feeds the username and password to the real website and, if the login details are correct, retrieves your first and last name. If the details are incorrect, you will receive the normal login error message and be prompted to enter your correct details.
  • The next page shows an ‘account verification’ form. The first and last name fields are pre-populated with data obtained from the real Netflix website, reassuring you that the website is ‘genuine’.
  • Once you fill out the rest of the fields—billing address, date of birth and mobile number—you are prompted to share your credit card details.
  • At this point, the fake website begins to dynamically change. It will identify your financial institution based on the credit card number, and then ask for additional authentication by, for example, using ‘MasterCard SecureCode’ or ‘Verify with Visa’ boxes.

This type of scam is by no means unique to Netflix. With relatively simple code modifications the scam can be repurposed to target other popular online services.

What can you do to protect yourself?

  • Always check the URL (website address) of the website to see that it matches the real URL—and make sure you know how to do this when browsing on your mobile, where the URL of the website might not immediately display.
  • Use a unique password for a service like Netflix and change it regularly. Never reuse the same login credentials across web services.
  • Don’t open emails from unknown or suspicious sources; delete them immediately instead.
  • Never follow hyperlinks contained in these messages or open attached forms.
  • Where available, use two-factor authentication (using extra information on top of your password to sign in, for example, having a code sent to your mobile phone) on your accounts.
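
The first check in the list above, comparing a link's address with the real one, can be automated when triaging a reported email. The following Python code is an added example, not part of the original ACMA alert; it assumes the genuine service is reached only over HTTPS at netflix.com and its subdomains, and every sample link in it is constructed.

```python
from urllib.parse import urlsplit

# Assumption for this example: the genuine service uses only this domain
# and its subdomains. Change the set for the service you are checking.
TRUSTED_DOMAINS = {"netflix.com"}


def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return (is_trusted, reason) for a link copied from an email."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "address cannot be parsed"
    if parts.scheme != "https":  # assumption: real sign-in pages use HTTPS
        return False, "not an https link"
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return False, "no hostname"
    if parts.username is not None:
        # In https://netflix.com@other.example/ the site is other.example.
        return False, "text before '@' is not the website address"
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalised name, possible lookalike"
    for domain in trusted:
        # Match the whole domain or a dot-separated subdomain, never a
        # substring: netflix.com.verify.example must not pass.
        if host == domain or host.endswith("." + domain):
            return True, "host is " + domain + " or a subdomain of it"
    return False, "host '" + host + "' is not a trusted domain"


# Constructed sample links (not taken from the real scam emails).
SAMPLE_LINKS = [
    "https://www.netflix.com/login",
    "https://netflix.com.account-verify.example/login",
    "https://netflix.com@signin.example/",
    "https://netflix-membership.example/",
    "http://www.netflix.com/login",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        ok, reason = check_link(link)
        print(("OK      " if ok else "SUSPECT ") + link + "  (" + reason + ")")
```

A passing result only means the address belongs to the expected domain; it says nothing about whether the email itself is genuine.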

The Netflix scam is a reminder that phishing isn’t just about stealing your bank account details—you need to keep ALL your personal information, including login details, safe and secure.

More information

Visit the Australian Government’s Stay Smart Online website to help educate yourself on the ways you can avoid having your personal information compromised.

Subscribe to our Cybersecurity news to keep up-to-date with the latest trends from the ACMA’s Australian Internet Security Initiative. This has a particular focus on malware, phishing and botnet activities.

Last updated: 29 August 2016