Hackers gonna hate, don't take the bait: Netflix customers are the latest targets of an email phishing scam that has already hit over 100 million customers' inboxes.
With a subject line alerting customers to a fake Netflix account suspension notice, the devious phishing email lures in binge watchers everywhere with the threat of account cancellation — and takes them to a well-designed and official-looking landing page where the identity thieves collect personal info such as log-in information and credit card details.
According to an amazing amount of in-depth cyber security reporting on the issue from WIRED, the phishing scheme was first detected unofficially in January but has reached headline status with official announcements this week.
"As with all of the most pernicious phishes, the problem with the Netflix phish isn't just its convincing look — it's that whoever's behind it has found new ways to bypass spam filters over and over again."
The fake Netflix website uses press photos from popular shows such as The Crown and House of Cards, along with Netflix logos, to build trust with existing customers — but is built on a compromised Wordpress blog. Australian email security company MailGuard points out, however, some easy ways to spot the fake email and keep your information secure, including these top two:
1. The greeting has no first name
While the email addresses of Netflix users were successfully acquired by the scammers, the first names of the users were not. As a result, the greeting on the email reads "Hi, #name#" — a dead giveaway that the email didn't come straight from Netflix.
2. Consider the source(s)
Always hover your mouse over links within emails (and the email sender From address) and check the domain to which they're pointing. If it looks suspicious or unfamiliar (or doesn't correctly match the sender), don't open them or click through any links or buttons contained in the email.
If you believe you've received a suspicious email from Netflix, you can report it to the company here. We also have a list of expert tips for avoiding phishing scams in the archives that are well worth committing to memory heading into the holiday season — a prime time for hackers and scammers to strike.