The year may be drawing to a close but that doesn’t mean scammers are taking any time off for the holidays. A new bulletin issued by the Federal Trade Commission highlights a fresh wave of Netflix phishing scams that have been landing in email inboxes around the globe.
The scam itself is old. It’s a classic “update your payment information” request that includes a link to a fake Netflix login screen where gullible folks might enter their details. It’s the kind of thing that we see pretty regularly in our spam filters and junk mail folders, but this particular scam is apparently widespread enough to have drawn the attention of the FTC.
The FTC’s warning comes with a screenshot of what the fake Netflix email looks like.
As you can see, it’s a pretty standard phishing attempt that includes several links, but they won’t take you to Netflix’s official website. Instead you’ll be funneled to a fake Netflix front page where login details are harvested and sent back to the scammers.
The FTC says this email was obtained via law enforcement out of Ohio but, as Engadget points out, the text is British English. Scams like this tend to cast a broad net so it’s entirely possible that someone in Ohio received this email, or that the screenshot was taken from phishing alerts issued by authorities in the U.K. or elsewhere.
In any case, it’s a good reminder to not trust anything you read in your email before doing a bit of digging to verify that your emails are coming from the right places. Here’s the FTC’s rundown of steps you should take before trusting an email like this:
- Check it out. If you have concerns about the email, contact the company directly. But look up their phone number or website yourself. That way, you’ll know you’re getting the real company and not about to call a scammer or follow a link that will download malware.
- Take a closer look. While some phishing emails look completely legit, bad grammar and spelling can tip you off to phishing. Other clues: Your name is missing, or you don’t even have an account with the company. In the Netflix example, the scammer used the British spelling of “Center” (Centre) and used the greeting, “Hi Dear.” Listing only an international phone number for a U.S.-based company is also suspicious.
- Report phishing emails. Forward them to firstname.lastname@example.org (an address used by the FTC) and to email@example.com (an address used by the Anti-Phishing Working Group, which includes ISPs, security vendors, financial institutions, and law enforcement agencies). You can also report phishing to the FTC at ftc.gov/complaint. Also, let the company or person that was impersonated know about the phishing scheme. For Netflix, forward the message to firstname.lastname@example.org.