Recently, a new Netflix-themed phish campaign has been making the rounds. In this scam, users receive an email, appearing to be from Netflix, stating that their accounts are on hold due to issues with their billing information. Users who click the email’s Update Account Now link find themselves on a fake Netflix account page, which asks them to provide various pieces of information, including their Netflix login credentials, their credit card information, and even (oddly) a headshot and photo of their ID cards.
For more information about this scam, see the story on the KnowBe4 blog at https://blog.knowbe4.com/scam-of-the-week-the-most-sophisticated-netflix-phishing-yet.
As always, keep a few security tips in mind when looking at unsolicited email:
- Never click on links in emails asking you to verify or update your account information. If you suspect the email may be legitimate, visit the service’s website directly by opening a new browser window and following a pre-existing bookmark or manually typing the service’s URL into the location bar.
- Don’t provide more information than you think is necessary. If an email or a site you access via a link in an email asks for excessive amounts of information, such as a headshot or a copy of your ID, be suspicious.
- Check for typos and improper grammar. Legitimate email marketers take pains to make sure their messages are worded perfectly. If you notice misspelled words or clunky language, be suspicious.
- For more information about how to recognize and deal with phish, see ITS’s Frequently Asked Questions about Phishing page.