Netflix has rightly been lauded as bringing about a revolution in television consumption, emerging right now as arguably the market leader in streaming entertainment.
Despite raising prices during 2016 Q3, it gained 3.6 million new subscribers. It’s an incredible amount, perhaps driven by the popularity of the service’s original content, including Daredevil, Stranger Things, and, most recently, Luke Cage.
But all those customers mean a big target for scammers. It doesn’t even matter if you’re a frequent streamer or not: you need to beware these fraudulent emails.
Whether you do have an account or not, this is certainly a smart scam: those who stream shows and movies every day will panic and click on the link in order to supposedly verify their identity. Anyone not using Netflix will be rightly troubled by the notion that someone else could be setting up an account in their name.
Suffice to say, clicking on the link is a very bad idea.
Right now, it’s mostly affecting folk in the USA, UK, and Western Europe. Hosting providers keep taking these malicious sites down — and typically quickly too — but cybercriminals are always in it for the long game, so will have set up further destinations. It’s a pretty simple phishing scam; that is, a trick to obtain personal information. In this case, that’s your Netflix password and maybe payment details too.
Personally-Identifiable Information (PII) is worth a fair amount, especially when stolen en masse, so a scam email like this might also vacuum up details about your date of birth, citizenship, and phone number. Scammers could throw some ransomware into the mix too, just to really dominate your identity.
Of course, variations on the theme persist. You might not have received an email about suspending your account, but you may have got one about validating credit card information or other problems with your membership.
As we’ve established, you don’t need a Netflix subscription to be scammed. Just the threat or promise of an account can cause victims to lose their minds and click on a link that’ll gobble up data. This email’s more specific than the previous spam message, which wanted PII and payment details.
This one wants your Apple ID.
You might’ve heard this being called the “Netflix 1S Plan Scam” because this is the name of the subscription the recipient is supposed to have bought. It’s nonsense, of course. It’s to make you hurriedly click on the link which reads “You can cancel a Subscription at any time: Cancel / Refund Subscriptions.”
You might be on the back foot because this isn’t from Netflix. It looks like it’s from iTunes. And it really does look genuine. The logo’s there, there’s a receipt order number, and the email address (“ID” followed by lots of numbers) is generally topped off with “ssl.apple.com”.
The scammers have the gall to imply the message comes via the security protocol Secure Sockets Layer (SSL); the letters “ssl” appearing in an address prove nothing of the sort.
The link redirects to a “My Apple” page which looks authentic. It’s obviously not. It asks for your Apple ID, which alone gives cybercriminals a lot of access to sensitive data; it’s even more worrying if you use the same password for other services, including online banking, PayPal, or Netflix!
If your email address utilizes an iCloud account, you’re arguably more at risk of receiving this message because the scammers already have confirmation that you own an Apple product. After all, an Android user is just going to shrug off an email about an iTunes account.
This scam’s been doing the rounds for about a year now, albeit with different iterations. One even details the movies you’re purported to have streamed, though as the images are skewed, it doesn’t look so authentic. The latest version, however, is the most realistic yet and will make you do a double-take.
What to Do
Stay sceptical. It always helps. Whenever you get an email from a dubious address, remember it’s potentially a scam. Approach it as if cybercriminals are lurking over your shoulder, rubbing their hands together in anticipation and glee.
Learn to scour an email and spot obvious giveaways. Netflix and Apple aren’t prone to typos or grammar errors.
They also know how much their services cost; pricing mistakes are a sure-fire way of spotting when an email’s fraudulent. I received the latter email, supposedly from iTunes, and nearly fell for it in a fit of panic. Fortunately, I noticed that the billing amount was wrong. For some reason, scammers are using incorrect totals, ranging from around £20 to £35.99, for a single month (these figures were tailored for me, a U.K.-based writer — the scammers will tailor their hacks for you wherever you are).
That’s why, even if you don’t use Netflix, it’s a good idea to know how much it costs. There are no set-up costs — in fact, that first month is free. There are three streaming alternatives: Basic ($8/£5.99 a month); Standard ($10/£7.49); and Premium ($12/£8.99); while other prices are offered to make use of their DVD/Blu-ray services, ranging up to $20.
Prices will likely change in the future, so check on the official Netflix site, making sure you’re in the correct region.
That’s solid advice too for whenever you receive a message purporting to be from Netflix or iTunes: don’t click on any links. Instead, open up a separate session and sign into your account from there. Netflix does its best to track down scam emails, so forward any to firstname.lastname@example.org, including header information.
Apple assures users that it’ll never ask for private information like passwords, social security numbers, or payment details over email. Scrub up on things banks will never ask you online — if financial institutions won’t ask for these details, neither will other professional services (in most cases).
Fraud & Chill?
Apple has further warned:
Email messages that contain attachments or links to non-Apple websites are from sources other than Apple, although they may appear to be from the iTunes Store. Most often, these attachments are malicious and should not be opened. You should never enter your Apple account information on any non-Apple website.
Cybercriminals will always target popular services, and email scams remain a popular means to obtain sensitive information. You should always keep a clear head when skimming through your inbox.
Have you spotted any other fraudulent emails from Netflix? How do you protect yourself?