Netflix subscriber numbers have gone up and up and now stand at around 151 million. The company has taken the world of TV by storm and helped to change the way we watch shows and films. Because of this, the brand is a household name in the UK and elsewhere across the world. As we have said before, big brands are like honey to a cybercriminal bee.
In the Vade Secure Q4 2018 report on the most popular brands used by fraudsters, Netflix came in at number two, kicking PayPal into third position. So, no surprise then, that this week I have seen a flurry of phishing emails using the Netflix brand.
What the Netflix Phishing Email Looks Like
Although we received reports of a number of different Netflix phishing emails this week, they all used the same theme – account suspension.
The emails all stated that the recipient’s Netflix account was suspended. To restart membership, the recipient is told to click on a link that says, “Restart your Membership”.
The fraudsters, in doing so, are hoping to catch one of the 151 million customers with an account. The scammers then apply the old ‘Fear, Uncertainty, and Doubt’ (FUD) trick, counting on the customer being fearful they will miss their favourite TV show. Under those circumstances, it is all too easy to click the link.
How to Spot the Tell-Tale Signs of the Netflix Phishing Email
The following signs showed this Netflix email was a scam:
- The email ‘from address’ was complicated and clearly not from a Netflix domain: asidjh23oeutr-0qiwf0u4398throasi.info26 @ bydangusahasanget. store
- The email did use the Netflix logo but did not have other Netflix identifying information such as company address, etc.
- The salutation was impersonal, “Hi Customer”, instead of the actual name of the customer
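The signs above can also be checked automatically. The following is an added example, not part of the original analysis: a small Python check for the sender-domain mismatch, the generic salutation and the account-suspension theme. The trusted-domain list, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains the brand legitimately sends from; verify before real use.
TRUSTED_DOMAINS = {"netflix.com"}
GENERIC_GREETING = re.compile(r"^\s*(hi|hello|dear)\s+(customer|user|member)\b", re.I | re.M)
SUSPENSION_LURE = re.compile(r"\b(suspended|restart your membership)\b", re.I)

def sender_domain(msg):
    """Return the lower-cased domain of the From address ('' if missing)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()

def is_trusted(domain):
    """True if domain is a trusted domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)

def phishing_signs(raw_email, brand="netflix"):
    """Return the list of tell-tale signs found in a plain-text email."""
    msg = message_from_string(raw_email)
    display_name, _ = parseaddr(msg.get("From", ""))
    body = msg.get_payload()
    signs = []
    claims_brand = brand in display_name.lower() or brand in body.lower()
    if claims_brand and not is_trusted(sender_domain(msg)):
        signs.append("sender-domain-mismatch")
    if GENERIC_GREETING.search(body):
        signs.append("generic-salutation")
    if SUSPENSION_LURE.search(body):
        signs.append("account-suspension-lure")
    return signs

# Constructed sample message (not the real email); sender uses a reserved example domain.
SAMPLE = """\
From: Netflix <billing-0381@streaming-update.example>
To: someone@example.org
Subject: Your account is suspended

Hi Customer,

Your Netflix account has been suspended. To continue watching,
click "Restart your Membership".
"""

if __name__ == "__main__":
    print(phishing_signs(SAMPLE))
```

A From domain that does match proves nothing on its own, because the header can be forged; confirming the real sender needs the SPF, DKIM and DMARC results recorded by the receiving mail server.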
What Happens If You Click the Netflix Phishing Link?
We checked out the link in the email to see what would happen if you clicked it.
The analysis showed the spoof Netflix website you are taken to is infected with malware. The malware found could use a technique that is listed by MITRE as “Modify Registry”. This technique is used to help execute files, such as malware. The analysis also showed that the malware was possibly able to ‘sniff keystrokes’. This type of malware can steal login credentials and other information as you type it into a keyboard.
As well as being infected, the spoof Netflix phishing site could potentially collect your Netflix login credentials, which would be sent to a cybercriminal who could use them to log into the real Netflix site and steal other personal data from your Netflix account.
What to Do If You Click the Netflix Phishing Link
If you are tricked into following the link and also enter login or other details into the spoof Netflix website, follow the instructions below:
- Immediately change your Netflix password
- If you have used your Netflix password with any other online accounts, change the password on those accounts too
- Run an anti-malware scan on the device you used to access the spoof site and any other connected devices
- Update any software running on your devices and computers
For more information on what to do if you click a phishing link, check out our blog post “What to Do if You Click on a Phishing Link?”
Netflix provides instructions on what to do if you receive a suspicious email that looks like it is from Netflix.
Why not help your colleagues stay safe and send them this little reminder? Feel free to edit, copy/paste the advice below:
The Netflix Email Phishing Scam
An email that looks like it is from Netflix is a scam that is trying to steal personal data and/or infect your computer with malware. The email will look like it is from Netflix. It will state that your Netflix account is suspended. The email encourages you to click a link to reactivate the account.
DO NOT CLICK ANY LINKS IN THIS EMAIL
Netflix provides instructions on what to do if you receive a suspicious email that looks like it is from Netflix.
For more information on what to do if you click a phishing link, check out “What to Do if You Click on a Phishing Link?”
Don’t forget to share this with your colleagues and friends and help them stay safe.