Netflix Subscribers Targeted by Phishing Scam

If you subscribe to the streaming service Netflix to get your fix of the latest in TV and movies, you are not alone.  The company, which once earned all of its revenue by shipping DVDs to people in envelopes (they still do that, by the way), now earns the bulk of its income through streaming.

It’s working well for them, and they reportedly have some 110 million customers who pay them every month.  That’s a lot of revenue, and they use it to create some of their highly-regarded original programming, such as Orange is the New Black, and the recently-canceled House of Cards.

Success, they say, breeds contempt.  In the technology world, success also breeds crime.  The Australian cyber security company MailGuard announced last Friday that they had detected a phishing scam that was aimed at Netflix customers.

Wikipedia describes phishing this way: Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. 

In the case of this particular phishing expedition, people have been sending out millions of email messages to all manner of people.  The messages are likely untargeted, as we are not aware of any breaches in the Netflix customer base.  Nevertheless, if you have more than 100 million subscribers, anyone sending email messages to a sufficiently large number of people will undoubtedly see many of them successfully land in the inboxes of actual Netflix subscribers.

These messages tell recipients that the personal information in their Netflix account, including credit card information, needs to be updated, and that they should click on the link within the message to be taken to the Netflix site so that they can log in and do so.

The link does direct to a Website that looks very much like the actual Netflix site, but in fact is simply a site made to look like it.  Once you log in to that site, you’ll find that the people behind the phishing scam have now acquired your Netflix login credentials as well as your credit card number.

These phishing scams have become increasingly sophisticated in recent years, and these criminals have become quite good at making fake Websites look like real ones.  They have also gotten better at faking the URLs of the Websites to which the visitors will be taken, though a careful glance at the URL in a phishing email will usually show you that the site is not a legitimate one.

Often, the fake sites use a subdomain that includes the real name of the site, where the genuine site would not.  For instance, the real Netflix site is, but a phishing scam might give you a link to a site such as  Moving your mouse over the link in the email message will usually give you a clue as to whether the target URL is legitimate.

If you are in doubt, you should simply open your Web browser and type in the name of the site yourself.
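
The subdomain check described above can also be done mechanically on the links in a message. The following Python sketch is an added example, not part of the original article; it assumes netflix.com is the only genuine domain, and the lookalike hostname and email body are constructed samples using the reserved .example suffix.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption for this example: the genuine service lives only under this domain.
LEGIT_DOMAINS = ("netflix.com",)
BRAND = "netflix"

# Constructed sample email body: the visible link text shows the real site,
# but the href (what hovering reveals) points somewhere else.
SAMPLE_EMAIL = """
<p>Please update your billing details.</p>
<a href="http://netflix.com.account-update.example/login">https://www.netflix.com/login</a>
<a href="https://www.netflix.com/help">Help Center</a>
"""


def classify_host(host):
    """Return 'legitimate', 'brand-in-lookalike' or 'unrelated' for a hostname."""
    host = host.lower().rstrip(".")
    # Genuine only if the host IS the domain or ends with ".<domain>".
    # A substring test would wrongly accept netflix.com.account-update.example.
    if any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS):
        return "legitimate"
    # The brand name appears, but the site is owned by someone else.
    if BRAND in host:
        return "brand-in-lookalike"
    return "unrelated"


class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag, ignoring the visible link text."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)


def audit_email(html):
    """Map the hostname of each link target to its classification."""
    parser = LinkCollector()
    parser.feed(html)
    hosts = [urlsplit(href).hostname or "" for href in parser.hrefs]
    return {host: classify_host(host) for host in hosts}


if __name__ == "__main__":
    for host, verdict in audit_email(SAMPLE_EMAIL).items():
        print(f"{verdict:20} {host}")
```
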