• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

How I Almost Fell For a Netflix Phish

October 7, 2019 By Trevor Collins

Netflix app

Early this morning I received an email about my Netflix payment not going through. Scams often come in the form of payment requests, so I normally ignore these emails. However, yesterday my wife subscribed to Netflix and I wasn’t sure which email she used. While on the bus I looked over the email, but I couldn’t look at the email source since I’m using my phone. I had no way to check where the email came from. For a moment I thought my Netflix payment failed. Finally, I spotted a grammar error and saw the from address didn’t include Netflix in the address. So, I decided to open the email at work for further review.

netflix spam example

In the office I found the link doesn’t lead to Netflix and I confirmed Netflix doesn’t own the suspicious email address. Since I knew what I was getting myself into I safely checked the link but received a 404 page not found error. The hosting provider took the site down.

If someone else received this email after they signed up for Netflix (and if it didn’t have the grammar mistakes or the user didn’t check), I have no doubt some would click the link and maybe even put their payment info in.

Evidently, others received this Netflix scam email recently. In an article that came out yesterday, Adrien Gendre found Netflix spam emails grew 8.2 percent since last quarter, becoming the most exploited subscription service over HBO, DirectTV, and Spotify. If you receive one of these emails, don’t click any links and check your Netflix account directly on Netflix.com for any notices.

Share This:

Related

Filed Under: Editorial Articles

Comments

  1. Cameron says

    October 8, 2019 at 11:17 am

    I had something similar happen the other day but it turned out to be a legitimate e-mail. I have been wondering why it is not possible to check the e-mail header info on a phone or is this possible and I just missed it somehow? It would certainly be a helpful feature.

    Reply
    • Trevor Collins says

      October 17, 2019 at 2:04 pm

      Cameron, you didn’t miss anything. There isn’t an easy way to access the email header.

      Reply
  2. Chris A Quintanilla says

    October 8, 2019 at 1:16 pm

    A tell-tale indicator is when the greeting is something generic, like “Hi Customers” or “Hello [email protected]“. There’s a better chance (although still not guaranteed) the message is legitimate when the message addresses you by name.

    Reply
    • Trevor Collins says

      October 17, 2019 at 2:06 pm

      Good suggestion, although sometimes they will put your name it the email to so it could still be a fake.

      Reply
  3. Joseph K says

    October 9, 2019 at 9:12 am

    I wish it was easier to see message source from mobile email apps. Seems like a major oversight by all of the major mobile email app devs (Apple, Samsung, etc.)

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Scratching the Surface of Rhysida Ransomware
  • An Interview with ChatGPT
  • TikTok is Banned, Kind Of
  • How Not to Update Software

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • How Not to Update Software
  • Naming APTs
  • TikTok is Banned, Kind Of
  • Scratching the Surface of Rhysida Ransomware
  • An Interview with ChatGPT
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use