In November 2019, we received a few emails from readers alerting us to a message, purportedly from Netflix, that asked them to update their payment information:
I believe there is a scam going around in regards to Netflix. My husband received a notice that something is wrong with our account and the link given doesn’t go to an actual Netflix website. They ask for all the profile information including a credit number and info. I checked the actual website and our account is in good standing and all the info is accurate.
This is not a genuine email from Netflix. This email is an attempt to steal credit card information and is known as a phishing scam.
Phishing scams use various forms of bait (hence the name) in an attempt to trick people into giving up personal information, such as passwords or credit card information. These scammers may promise a prize, such as a cash giveaway, in order to entice people to give up their information. Or, as in this case, they may pose as a trusted company.
This Netflix phishing scam has been circulating since at least 2017. In December 2018, so many people had reported they were targeted with a version of this scam that the U.S. Federal Trade Commission (FTC) issued a statement called "Netflix phishing scam: Don’t take the bait":
Phishing is when someone uses fake emails or texts to get you to share valuable personal information – like account numbers, Social Security numbers, or your login IDs and passwords. Scammers use your information to steal your money, your identity, or both. They also use phishing emails to get access to your computer or network. If you click on a link, they can install ransomware or other programs that can lock you out of your data.
Scammers often use familiar company names or pretend to be someone you know. Here’s a real-world example featuring Netflix. Police in Ohio shared a screenshot of a phishing email designed to steal personal information. The email claims the user’s account is on hold because Netflix is “having some trouble with your current billing information” and invites the user to click on a link to update their payment method.
Readers can find additional tips on how to spot and respond to this scam here. The FTC has also published a few tips on how to spot similar scams, which we've reproduced below:
How to Recognize Phishing
Scammers often update their tactics, but there are some signs that will help you recognize a phishing email or text message.
Phishing emails and text messages may look like they’re from a company you know or trust. They may look like they’re from a bank, a credit card company, a social networking site, an online payment website or app, or an online store.
Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment. They may:
- say they’ve noticed some suspicious activity or log-in attempts
- claim there’s a problem with your account or your payment information
- say you must confirm some personal information
- include a fake invoice
- want you to click on a link to make a payment
- say you’re eligible to register for a government refund
- offer a coupon for free stuff
Netflix has also addressed the phishing scams that have targeted the company's users. The help section of the Netflix website (located at help.Netflix.com) informs readers they can always check the standing of their accounts on the official Netflix website, and that they should never give payment information to third-party outlets:
If you suspect you have received a fraudulent email or text message that appears to be from Netflix, follow these tips to keep your information safe and secure, and follow the steps below to report the message:
- Never enter your login or financial details after following a link in an email or text message. If you're unsure if you're visiting our legitimate Netflix website, type www.netflix.com directly into your web browser.
- Never click on any links or open any attachments in an email or text message you received unexpectedly, regardless of the source.
- If you suspect an email or text message is not from Netflix, do not reply to it. Follow the steps below to forward it to us.
How do I report a suspicious or phishing email or text message (SMS)?
If you received a suspicious or phishing email, forward it to firstname.lastname@example.org and delete the email. Please include the message header information, which can be found using this Google article.
If you received a suspicious text message (SMS), forward it to email@example.com using the steps for your device below.