Consumer Action Organization
The Netflix phishing scam is back. It was first spotted as early as a year ago, picked up steam last fall, and, as reported by cybersecurity firms MailGuard and Panda Security this month, is now back again to ring in the New Year. Consumer Action’s editors were treated to our very own copy of the phony message—in Spanish—in mid-January.
As before, the phishing message tells recipients that due to problems with their payment, they must click on a link to verify or update payment information. Clicking on the link redirects consumers to a fake, but realistic, Netflix website where consumers are asked for credit card numbers, passwords and other personal information. The stolen information can potentially be used to access a consumer’s financial and other accounts, particularly if they reuse passwords for different accounts, and it can be used to commit identity theft. And that’s on top of the likely damper the scam will place on family movie night.
As far as we can tell, the fake Spanish Netflix messages have not been widely covered, if at all, in the news or other reports about the scam. The Spanish message we received was clever in that it listed a legitimate Netflix email address in the “Reply-To” field. However, careful scrutiny revealed that it was not sent from a Netflix email address. Also, when we contacted Netflix customer service, a representative confirmed that our editor’s email address was not in their system and that they would not have emailed us.
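The header comparison described above can be automated. The following Python code is an added example, not part of the original alert: the sample message is constructed, and the expected domain `netflix.com`, the brand string, and the function names are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not the message Consumer Action received).
SAMPLE = """\
From: Netflix <soporte@cuenta-pagos.example>
Reply-To: info@netflix.com
Return-Path: <bounce@cuenta-pagos.example>
Subject: Actualiza tu informacion de pago
To: editor@example.org

Hubo un problema con tu pago.
"""

def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def in_domain(domain, expected):
    """True if domain equals expected or is a subdomain of it."""
    return domain == expected or domain.endswith("." + expected)

def check_sender(raw, brand, expected_domain):
    """Return a list of findings for a message that claims to be from brand."""
    msg = message_from_string(raw)
    display = parseaddr(msg.get("From", ""))[0]
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    from_ok = in_domain(from_dom, expected_domain)
    findings = []
    # The display name claims the brand, but the address is elsewhere.
    if brand.lower() in display.lower() and not from_ok:
        findings.append("display-name-mismatch")
    # Replies would go to a different domain than the stated sender.
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-differs-from-sender")
    # The case in this alert: a real brand address in Reply-To only.
    if in_domain(reply_dom, expected_domain) and not from_ok:
        findings.append("borrowed-legitimate-reply-to")
    return findings

if __name__ == "__main__":
    print(check_sender(SAMPLE, "Netflix", "netflix.com"))
```

A "From" address in the expected domain is not proof of legitimacy either, because that header can be forged; this check only catches the mismatch pattern described above.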
Consumer Action urges consumers, including Spanish-speakers, to be aware of the latest wave of fraudulent Netflix emails and to know how to safeguard their information.
Use the following tips and resources to stay safe:
- Don’t click or respond. If you receive a suspicious email asking for personal information, whether or not it appears to be from a company or someone you know, don’t provide information, click on links, open attachments, or reply to the message.
- Contact companies directly. If the suspicious message seeking information claims to be from a company where you’re a customer, look up the company’s correct phone or web address and contact them directly to find out if there really is a problem or if they need anything from you.
- Be suspicious of threats. Claims of harsh consequences such as account closures, lost money, or other harm for failure to provide requested information are red flags.
- Don’t reuse passwords. Scammers love passwords that they can use to access lots of your accounts. Whether they get your password through a phishing scam or even a data breach, don’t make your passwords even more valuable to crooks by using them for multiple accounts.
- Use security software. Protect your computer from phishing and other online threats by installing security software and keeping it up to date.
- Contact financial institutions. If you inadvertently give out personal and financial information to scammers, contact your financial institution to prevent or dispute fraudulent charges.
- Report phishing scams. Forward fake messages to the company being impersonated and to firstname.lastname@example.org. (For Netflix, send scam messages to: email@example.com.)