A convincing scam email is targeting over 109 million people who use Netflix in an attempt to collect enough personal information to potentially steal their identities, according to the cyber security firm MailGuard.
The latest phishing scam, which MailGuard said it first detected this past Friday, mimics an email from the streaming service telling the user that their account is going to be suspended unless they update their billing information.
There are some indicators the email is fake, like a typo (48hours as one word) and the “#name#” at the top. However, MailGuard said in some cases the #name# field actually reflects the name of the recipient, making the scam even more dangerous.
“This works like a mail-merge; the body of the email is generic, but the sender field is designed to show the name of the intended victim, which personalises the scam making it more convincing,” MailGuard writes in its blog.
There’s even a link to a convincing-looking website that mimics the Netflix login page. Once there, MailGuard said, the phishing website asks for everything from billing information to driver’s license number, mother’s maiden name, and other information which can be used to steal someone’s identity and access their bank accounts.
Netflix said that while it does occasionally use email to contact users about their accounts, it will never ask for billing information to be updated over email. So if you receive an email like this, DO NOT CLICK the link without making sure it’s bona fide. The best way to be sure you’re not falling for a phishing attack is to log into the Netflix website directly.
The company said anyone who isn’t sure about an email they receive should visit netflix.com/security. Also, the company has asked anyone who receives a suspicious email purporting to be from the company to forward it to firstname.lastname@example.org.