Australian Netflix users have been warned to be vigilant of a sophisticated email phishing scam attempting to steal thousands of dollars from their bank accounts.
The email tells recipients their last Netflix bill was accidentally charged twice and to request a refund by using the link provided.
While users are taken to a Netflix log-in page that appears genuine, cyber security firm MailGuard said there are key signs the emails have been sent by scammers.
Those red flags include the subject line being left blank and the company’s display name being misspelt as ‘Netlfix’, the company said in a recent blog post.
In some cases, the recipient will also not be addressed correctly in the body of the email.
MailGuard said the web address the scammers use also does not belong to Netflix and is instead an inexpensive URL bought from a cheap domain name provider.
Users’ details are then harvested by the fraudsters on a page asking for their credit card number.
To make the ruse appear legitimate, the scammers even offer to send a one-time authentication code to users’ phones.
‘If you see an email from Netflix, please make sure it is a legitimate communication before you open it,’ the MailGuard warning reads.
‘With more than 203 million subscribers, there’s a high likelihood that many of those that are receiving the email are subscribers and that a portion of those will be too time-poor to check the details in the email.’
MailGuard said the sophisticated phishing attempt was the latest in a series of scams pretending to be sent by Netflix.
HOW TO KNOW IF AN EMAIL IS FROM NETFLIX
Advice listed on Netflix’s website:
‘We will never ask you to enter your personal information in a text or email.
Credit or debit card numbers
Bank account details
We will never request payment through a 3rd party vendor or website.
If the text or email links to a URL that you don’t recognize, don’t tap or click it.
If you did already, do not enter any information on the website that opened.’
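The red flags MailGuard describes (blank subject line, a display name that is a near-miss of 'Netflix', and a link whose host does not belong to Netflix) can be checked mechanically by a mail filter. The following is an added example, not code from MailGuard or Netflix; the `netflix.com` allow-list, the 0.8 similarity threshold, the flag names and the `.example` sample message are all assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

BRAND = "netflix"
BRAND_DOMAIN = "netflix.com"  # assumption: only this domain and its subdomains count as genuine

def host_is_brand(host):
    """True only for the brand domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN)

def red_flags(raw_email):
    """Return the red flags from the article that are present in one raw message."""
    msg = message_from_string(raw_email)
    flags = []
    if not (msg.get("Subject") or "").strip():
        flags.append("blank-subject")
    display, _addr = parseaddr(msg.get("From", ""))
    name = re.sub(r"[^a-z]", "", display.lower())
    # A near-miss of the brand (e.g. two transposed letters) that is not the brand itself.
    if name and name != BRAND and SequenceMatcher(None, name, BRAND).ratio() >= 0.8:
        flags.append("lookalike-display-name")
    hosts = set()
    for part in msg.walk():
        if part.is_multipart():
            continue
        body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for url in re.findall(r"https?://[^\s\"'<>]+", body):
            host = urlparse(url).hostname
            if not host_is_brand(host):
                hosts.add(host)
    flags += ["non-brand-link:" + h for h in sorted(hosts)]
    return flags

# Constructed sample modelled on the email described in the article.
SAMPLE_PHISH = """\
From: Netlfix <billing@refunds.example>
To: user@example.org
Subject:

Your last bill was charged twice. Request a refund: http://netflix-refund.example/login
"""

if __name__ == "__main__":
    print(red_flags(SAMPLE_PHISH))
```

A suffix match on the whole host, rather than a substring search for "netflix", is what keeps hosts such as `netflix-refund.example` or `netflix.com.refund.example` from passing the link check.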