Millions of Australians have been targeted in a new email scam that purports to be from popular streaming platform Netflix.
The phishing email is designed to trick people into handing over banking and personal details by asking victims to “update your payment details”.
The email looks as though it is a “reminder” sent from Netflix’s “Technical Support” team, and contains Netflix’s logo and branding to appear legitimate.
But according to a blog post by email security software Mailguard, the email is actually sent from a compromised Amazon SES account.
Users are told there is “some trouble” with their “current billing information,” and urged to click a button to “update account now”.
But clicking this leads users to a compromised WordPress site, which has since been taken down.
“It is likely that the phishing page was designed to harvest users’ Netflix account information (including passwords), and potentially their credit card information as well,” said Mailguard.
Scams: The $116.5 million hole in Aussie wallets
Scams are costly to Australian hip pockets, with Scamwatch data revealing Aussies have already lost more than $116.5 million to scams this year.
And it’s not just older Australians who are being fooled by the online scams; a recent survey by NortonLifeLock found that 44 per cent of millennials and 39 per cent of Gen Z said they were victims of cyber crime in the past.
Netflix had nearly 11.9 million Australian subscribers at the beginning of 2020, a figure that has likely risen since then.
Netflix is a trusted brand, making it more likely that unsuspecting users could be lured into falling for the scam, according to Mailguard.
“With an immensely large customer database (almost 193 million subscribers worldwide), there’s a high likelihood that many of those that are receiving the email are subscribers, increasing the chances of this scam being successful.”
The alarming subject line is designed to evoke panic from email recipients, who may not stop to think twice about the email’s legitimacy.
Red flags to look out for
There are some dead giveaways that the email is a scam: for one, the email is not personally addressed to the user by name.
There are also spacing errors, even though the email uses Netflix branding.
Scamwatch has also recently warned Australians about Netflix scams.
Fresh warnings of Netflix phishing scams. Be careful of emails asking you to click on a link to update your account. Don’t click on the link, if unsure go directly to the website to check your account. pic.twitter.com/pqrbXf0Gzb
— Scamwatch_gov_au (@Scamwatch_gov) October 30, 2020
According to Netflix’s Help Centre, it will never ask users to enter their personal information through text or email.
“This includes credit or debit card numbers, bank account details, [and] Netflix passwords.
“We will never request payment through a 3rd party vendor or website.
“If the text or email links to a URL that you don't recognise, don't tap or click it. If you did already, do not enter any information on the website that opened.”
If you’ve received a suspicious text or email, forward it to firstname.lastname@example.org and delete the message.
You should also update your password if you’ve entered your personal details.