The latest nefarious plot to steal Aussie web users' private information has landed, with the latest scam taking the guise of an email from Netflix.
The campaign has been targeting Netflix users across Australia, with users reporting having been sent an email from an address posing as the legitimate support team for the streaming service, with styling and a logo that matches a typical Netflix communication.
In the body of the fraudulent email, users are being told that their account has been “temporarily suspeneded [sic] due to some issues in the automatic verification process”. Naturally, the email then requests that the user verify their account details by clicking on an ‘update details’ button.
Once clicked, customers are then taken through to a web page posing as the legitimate login page for Netflix, where they're asked to enter their email, password, and full credit card details. The scam was initially noted by cybersecurity company MailGuard (opens in new tab), which reported it as being "very well executed".
- How does Netflix compare to other Aussie streaming services? Find out in our comprehensive Netflix review
How to avoid
While it’s a good idea to check out Netflix’s official support page (opens in new tab) for how to avoid scams of this nature (or indeed report them), there are a few common giveaways that are worth watching out for in any suspicious email or text message.
Firstly, in the above instance, the word “suspeneded” is misspelled and "NETFLlX" has a lower-case 'L' instead of an upper-case "i". While major corporations aren't quite bulletproof when it comes to making mistakes in their communications, the standard of their copywriting and quality-control tends to be a little more consistent that this. Scammers, on the other hand, aren’t quite as careful.
No doubt, the phishing email will also contain some links somewhere in its body, and if you hover over these links and notice that the URL is different to the official company site, which is another key indicator something’s awry.
Lastly and perhaps most importantly, it’s uncommon for companies to request personal or payment details without cause. So if you haven’t closed any accounts, turned off automatic payments, or altered your situation in any significant way, then there’s a very good chance that the company in question will still have your correct details.
If in doubt, always visit the official site of the service by manually typing in the URL, then contact their support directly using one of the official channels listed on the site. Scammers largely rely on their victims not paying attention to details and creating 'urgent' situations to be effective, but it’s always worth taking the time to verify any emails of this nature.