December 27, 2018
The Federal Trade Commission has issued an alert to Netflix subscribers about an online phishing scam that attempts to extract personal information from unsuspecting subs, among other issues.
Phishing is when someone uses fake emails or texts to get users to share valuable personal information — such as account numbers, Social Security numbers, login IDs and passwords.
The FTC said scammers can use the personal information to steal money, identity, or both. They also use phishing emails to get access to an unsuspecting user’s computer or network. Clicking on a link can install ransomwareor other programs that can lock users out of their data.
Indeed, scammers often use familiar company names or pretend to be someone consumers know. Police in Ohio shared a Netflix screenshot of a phishing email designed to steal personal information. The email claims the user’s account is on hold because Netflix is “having some trouble with your current billing information” and invites the user to click on a link to update their payment method.
The FTC warns Netflix subs that If they have concerns about an email from the service, they should contact the company directly.
While some phishing emails look completely legit, bad grammar and spelling typically underscore phishing. Other clues include misspelled names, or you don’t even have an account with the company. In the Netflix example, the scammer used the British spelling of “center” (Centre) and used the greeting, “Hi Dear.” Listing only an international phone number for a U.S.-based company is also suspicious.
Netflix said subscribers unsure about emails from the service can access additional information at Netflix.com/security as well as contacting the customer service.
“We take the security of our members’ accounts seriously and Netflix employs numerous proactive measures to detect fraudulent activity to keep the Netflix service and our members’ accounts secure,” a rep said in a statement. “Unfortunately, scams are common on the internet and target popular brands such as Netflix and other companies with large customer bases to lure users into giving out personal information.”
The FTC said consumers concerned about possible phishing should forward the emails to firstname.lastname@example.org (an address used by the FTC) and to email@example.com (an address used by the Anti-Phishing Working Group, which includes ISPs, security vendors, ﬁnancial institutions, and law enforcement agencies). You can also report phishing to the FTC at ftc.gov/complaint. Also, let the company or person that was impersonated know about the phishing scheme. For Netflix, forward the message to firstname.lastname@example.org.