The message starts off with the kind of information that is apt to send shivers down the spines of many binge-watchers.
The United States’ Federal Trade Commission (FTC) issued a warning late last year about an email-borne scam campaign in which fraudsters impersonate the streaming giant Netflix and phish for people’s personal information.
This variation of a Netflix-themed scam deploys a tried-and-tested stratagem, starting off with a duplicitous note that your account has been put on hold due to something being wrong with your payment details. Indeed, this is one of the most common ways in which various phishing scams intend to prompt message recipients into taking action.
Also common in catch-all scam campaigns is a generic salutation, rather than a personalized one – in this case “Hi Dear”. This alone is a telltale sign that the message is very, very unlikely to have been sent by a legitimate organization.
At any rate, the email – a screenshot of which was shared by police in Ohio earlier in December – is quick to proffer a fix for the purported “trouble with your current billing information”: Update your payment information, using an embedded link. Except that clicking on such a fraudulent link takes you to a fake login page that will ask for, and then steal, your login details. In related scenarios, the click on the link or message attachment will unleash malware on the computer, often in order to collect your personal information.
The usual piece of advice vis-à-vis phishing scams applies equally in this case: It’s best not to click anything in messages that arrive out of the blue. Double-check that the message and its sender are legitimate – for example, by contacting the service provider – but disregard the contact details provided in the bogus offer for help.
ESET researchers, too, have previously issued a warning about a Netflix-themed scam – one that spread via WhatsApp and promised free access to the streaming platform for a whole one year. As another example, another phishing campaign that impersonated Netflix made the rounds later in 2017, attempting to reel in millions of the service’s subscribers.
written by Tomas Foltyn, ESET We Live Security