Netflix Phishing Alert

Please be advised of the following Netflix phishing scam with an email subject line “Your Recent Premium Subscription Ended”, which notifies customers of an automatic billing issue. 

Screenshot displaying Netflix phishing email asking recipient to login to their account to resolve automatic billing issue.

If you miss the spelling and grammar errors and click “Restart Now” without previewing the link destination, you will be directed to the following seemingly secure (using https:// and the locked padlock) Netflix “Sign In” page:

Screenshot of forged Netflix sign-in prompt

Note that the long random text at the start of the URL (above) is the phishing indicator here. This text pushes the domain to the far right, out of your view. If you enter your credentials and click sign-in, your credentials are compromised, and you are next prompted to update your billing details as follows:

Screenshot of forged Netflix dialog requesting an update of billing information

If you click “Continue” and do not check the URL destination of this link or notice the strange salutation “Dear friend” or the switch to French at the bottom of the dialog, you will be taken to another dialog requesting an update of your billing information. Once credit card payment information is entered and submitted, scammers are in possession of your payment details. 

Screenshot of forged Netflix billing and payment update dialog

All images courtesy of nakedsecurity by Sophos
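
The sign-in page described above hid its real domain behind long random text at the start of the URL, while https:// and the padlock made it look secure. The following is an added example, not part of the original alert, of how a mail filter or help-desk script could extract the host a link really points to and flag that pattern. The trusted-domain list, the 40-character visible width and the sample URL are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains the genuine service uses for its sign-in pages.
TRUSTED_DOMAINS = {"netflix.com"}
# Assumption: roughly how many URL characters an address bar shows.
VISIBLE_CHARS = 40

# Constructed sample: long random labels push the real domain to the right.
SAMPLE_PHISH = ("https://a9f3k2l0x8q7w6e5r4t3y2u1i0o9p8.z7x6c5v4b3n2m1"
                ".signin.example.net/login")


def real_host(url: str) -> str:
    """Return the hostname the browser will actually connect to."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def is_trusted(host: str) -> bool:
    """True only for a trusted domain or a genuine subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def check_link(url: str) -> dict:
    """Report the real host plus the indicators described in the alert."""
    parts = urlsplit(url)
    host = real_host(url)
    trusted = is_trusted(host)
    findings = []
    # https:// only means the connection is encrypted; it says nothing
    # about who owns the site, so the scheme never counts toward trust.
    if not trusted:
        findings.append("untrusted_host")
    # Where the host ends in the displayed URL: scheme + "://" + netloc.
    host_end = len(parts.scheme) + 3 + len(parts.netloc)
    if host_end > VISIBLE_CHARS:
        findings.append("domain_out_of_view")
    return {"host": host, "trusted": trusted, "findings": findings}


if __name__ == "__main__":
    for link in ("https://www.netflix.com/login", SAMPLE_PHISH):
        print(check_link(link))
```

The comparison is made on the end of the hostname, so a link such as `https://netflix.com.example.net/` is still reported as untrusted even though the brand name appears at the start.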

If you’ve received this email or another suspicious email, and you entered your Netflix password, it is recommended that you change it as soon as possible. If you entered payment information, contact the associated financial institution using the phone number on the back of your payment card to cancel your card. Be on the lookout for any fraudulent activity on the account.

Finally, please be reminded that it’s a recommended best practice to avoid clicking embedded links in email messages. Instead visit sites by typing known and trusted URLs into your browser’s address bar. It is also a best practice to avoid providing any financial/sensitive information via email. 

Resources