large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

Netflix users beware – there’s a phishing scam after your credit card details

Netflix users have more to worry about than price hikes, as they could now be the target of a phishing scam that goes after personal and business emails in an attempt to glean sensitive information. 

Spotted by cyber security researchers at PhishMe, the phishing scam aims to trick Neflix users into revealing their credit card details to pilfer money, as well as use stolen credentials to hack into other online services or sell that data on the dark web.

This phishing attack starts with a Netflix branded email asking users to update their account details and has a link to direct them to a spoofed landing page asking for their email address and password. Once that has been entered the page then directs them to another page asking for them to update their credit card details, all while looking like a genuine Netflix page.

After that stage a message pops up congratulating the scammed users for updating their account, and presents a button for them to use to get back to a legitimate Netflix page; in reality they have unwittingly handed over their Netflix login credentials and credit card information.

Furthermore, the stolen details could lead to other hacked services, if hackers discover a victim’s password has been used for other sites, and bleed over from their personal life into their work life.

“If the threat actor can find examples of password reuse, phishing a consumer service like Netflix might lead to illicit access to an enterprise email account and associated services,” PhishMe researcher Chase Sims warned.

There’s no information on how widespread the phishing campaign has been or how many people have fallen victim to it. But such scams don’t discriminate between users, and the popularity of Netflix means cyber criminals have a wide audience to attack. Such Netflix scams are not uncommon but they are getting more sophisticated in spoofing legitimate sites and web pages, meaning it’s worth being extra careful with what you click on in your emails.

It’s always advised to check the actual email address of any email being set to you that asks for login details and to avoid clicking on any links that have the slightest hint of being dodgy about them.

Related: Netflix vs Amazon

Have you spotted the Netflix scam? If so let us know @TrustedReviews or on Facebook.  

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.