Netflix users receive convincing-looking scam email designed to trick them into handing over credit card details
The company says it never asks customers to send any of their personal information over email
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.A new email scam is targeting thousands of Netflix customers and attempting to trick them into handing over their credit card details, cyber security experts say.
Users are being sent a convincing-looking email that claims to have been sent by Netflix.
The message, which has the subject line “Payment declined”, contains the Netflix logo. “Netflix” is also listed as the name of the sender.
However, it is in fact a well-designed fake.
“We attempted to authorize the Amex card you have on file but were unable to do so,” the message reads.
“We will automatically attempt to charge your card again within 24-48 hours. Update the expiry date and CVV (card verification value) for your Amex card as soon as possible so you can continue using it with your account.”
The email also contains a prominent “Update Payment” button, which users should not click.
If you do, you’ll be taken to a malicious website that looks like an official Netflix page, says MailGuard, which spotted the scam.
“The phishing page is designed to operate like a legitimate login portal,” it says. “It asks for card details and password verification, then ejects the scam victim to a real Netflix page to allay suspicion.”
Phishing emails are often littered with spelling mistakes or formatting issues, which usually make them easy to spot.
However, what makes this particular scam so dangerous is that it looks so convincing.
“It is extremely concerning to hear that thousands of Netflix customers could have been hit by a somewhat sophisticated phishing scam,” said Raj Samani, McAfee fellow and chief scientist.
“Yet, sadly it isn’t all surprising. Phishing attacks remain the most common method of manipulating individuals into clicking on links and ultimately installing malicious content onto their systems.
“Taking advantage of trusted, well-known brands attempts to leverage the use of authority, resulting in the incoming messages to appear trusted to the consumer.”
Netflix says it will never ask customers to send any of their personal details, such as payment information or passwords, over email.
“Never enter your login or financial details after following a link in an email or text message. If you’re unsure if you’re visiting our legitimate Netflix website, type www.netflix.com directly into your web browser,” the company says.
“Never click on any links or open any attachments in an email or text message you received unexpectedly, regardless of the source.
“If you suspect an email or text message is not from Netflix, do not reply to it.”
If you think you have received a fake email that claims to have been sent by Netflix, you can report it at Netflix’s Help Center.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments