How to spot phishing emails like Netflix email scam

What is "Netflix Email Scam"?

"Netflix Email Scam" is an email that is distributed as part of a spam campaign - cyber criminals send it to many people. Note that this is a scam, a 'phishing' attempt, and has nothing to do with Netflix.

It steal users' usernames and passwords. Similar emails are used to distribute malware (malicious programs) such as Trojans and other programs of this kind. This and other similar emails can never be trusted and the best option is to ignore them.

In this case, the "Netflix Email Scam" spam campaign targets people who use the Netflix media-services provider. According to the email, some information on the recipient's Netflix account is missing or incorrect. Scammers encourage people to update account information within 72 hours, otherwise the account will be limited.

There is a "VERIFY NOW" button that, if clicked, opens a fake Netflix website asking the user to sign-in. It asks users to enter their email addresses or telephone numbers and passwords used to log into the (existing) Netflix account. This email cannot be trusted.

Cyber criminals often claim to be representatives of  well-known companies - they send emails using names of various popular companies and attempt to make these emails appear legitimate and official. In this case they attempt to steal people's personal details/information.

There are many other similar spam campaigns on the internet. Most are used to cause computer infections (distribute malware) that steal data. Typically, cyber criminals employ these programs to generate revenue and cause victims financial loss.

Threat Summary:

Name	Netflix spam
Threat Type	Trojan, Password stealing virus, Banking malware, Spyware
Symptoms	Trojans are designed to stealthily infiltrate victim's computer and remain silent thus no particular symptoms are clearly visible on an infected machine.
Distribution methods	Infected email attachments, malicious online advertisements, social engineering, software cracks.
Damage	Stolen banking information, passwords, identity theft, victim's computer added to a botnet.
Malware Removal (Windows)	To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. ▼ Download Combo Cleaner To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

There are many spam campaigns including, for example, "Unicredit Bank Email Virus", "Love Letter Email Virus", and "Y.E DESIGN Email Virus". These are spam email campaigns designed to proliferate high-risk malicious programs. Typically, cyber criminals proliferate programs such as Adwind, LokiBot, TrickBot, Emotet, and so on.

These viruses are usually employed to steal data and to use it to generate revenue. The programs are also capable of opening backdoors and installing other infections such as ransomware.

How do spam campaigns infect computers?

"Netflix Email Scam" can cause problems only if the presented "VERIFY NOW" button is clicked and the required details are provided.

Otherwise, it is harmless. In other cases, cyber criminals send emails that contain malicious attachments such as Microsoft Office documents, PDF files, executable files (.exe), archive files (ZIP, RAR, and others), or website links that lead to malicious files. None can infect computers unless they are opened.

How to avoid installation of malware?

Be careful with emails received from unknown, suspicious addresses. Do not open included attachments or web links without making sure it is safe to do so. Dubious emails are often irrelevant, and yet presented as legitimate, official, or important. Ignore emails of this type.

Do not use various third party downloaders, installers, unofficial websites, or other such tools to download (or install) software. They might be used by cyber criminals to proliferate various rogue apps or other unwanted software (potentially, malicious one). Update software using tools or functions that are provided by official developers only.

Fake (unofficial) tools should not be used (they often cause computer infections). Software cracking tools should be avoided too, since cyber criminals employ them to proliferate malicious programs. These tools often install malware rather than activating any paid software free of charge.

Note that, in any case, it is illegal to use cracking tools. Finally, reputable anti-virus/anti-spyware software can prevent computers from being infected - it detects and removes threats before any damage is done. If you have already opened malicious attachments, we recommend running a scan with Combo Cleaner Antivirus for Windows to automatically eliminate infiltrated malware.

Text presented in the "Netflix Email Scam" email message:

Subject: Some information on your account appears to be missing or incorrect.

Reset your information
Dear Customer,
Some information on your account appears to be missing or incorrect, please update your account information promptly so that you can continue to enjoy all the benefits of your account.
VERIFY NOW
If you don't update your information within 72 hours we'll limit what you can do with your account.
We're here to help if you need it. Visit the Help Center for more info or contact us.
ñYour friends at Netflix

Questions? Visit the Help Center
This account email has been sent to you as part of your Netflix membership. To change your email preferences at any tim 5;, please visit the Communication Settings page for your account.
Please do not reply to this email, as we are unable to respond from this email address. If you need help or would like  4;o contact us, please visit our Help Center at help.netflix.com.
This message was mailed to [you] by Netflix.
SRC: 12546_en_US
Use of the Netflix service and website is subject to our Terms of Use and Privacy Statement.
Netflix International B.V.

Screenshot of a deceptive website asking to enter account details:

Another variant of "Netflix" email spam campaign. This one claims that Netflix was unable to collect the monthly payment and encourages users to re-enter (update) credit card details and other personal data:

Text presented within this email:

Netflix was unable to collect a payment because of one of the following:
- The method of payment on file is no longer valid or has expired. - The financial institution did not approve the monthly charge.
To resolve the issue, update your payment method. Download form attached to this email and follow the instructions.
Once your payment information has been updated, you can continue enjoying Netflix. If you're having trouble updating your payment information, you may want to reach out to your card issuer to ensure the card information is up to date or try an alternate method of payment.
Netflix will also automatically retry the failed payment periodically over the course of your billing cycle to help you get back to enjoying the service.

Screenshot of the fake Netflix website attached to the email:

Other examples of Netflix-related spam emails which promote phishing websites:

Text presented within this email:

Automatic payment.
Hi Customer,
Your Auto payment cannot process.
Your subscription period will end on Tue, March 31, 2020.

Click here to update your payment methode

please update your payment methode for continue Netflix feature.

The Netflix Team

Text presented within this email:

Subject: RE: NETFLIX: Summary Subscription Problem - Recurring Payment Issue [4434-624098-1629642]

28/03/2020
We weren't able to complete your last payment for your netflix
subscription, there was an error with the active payment method.

Please go to your subscription's payment methods to change the
active payment method.

We are here to help if you need it. Visit the help center for more
info or contact us.

-Your friend at Netflix.

Yet another variant of Netflix-related phishing scam email:

Text presented within:

Subject: Sorry for the interruption

Netflix
Please Update Your Payment Method
Hello,
Sorry for the interruption, but we are having trouble authorising your Credit Card. Please visit www.netflix.com/youraccountpayment to enter your payment information again or to use a different payment method. When you have finished, we will try to verify your account again. If it still does not work, you will want to contact your credit card company.
If you have any questions, we are happy to help. Simply call us at any time on 5539 4241 5353 .
-The Netflix Team

Questions? Call 0835 091 6380

This account email has been sent to you as part of your Netflix membership. To change your email preferences at any time, please visit the Email Preferences page for your account. Please do not reply to this email, as we are unable to respond from this email address. If you need help or would like to contact us, please visit our Help Centre at help.netflix.com.
This message was mailed to ****** by Netflix.
SRC: 4304.2.GB.en-GB
Use of the Netflix service and website is subject to our Terms of Use and Privacy Policy.
Netflix International B.V. Keizersgracht 440, 2nd floor, 1016 GD, Amsterdam, The Netherlands

Support-Net

3116 Doctors Drive, Los Angeles, CA 90017

Unsubscribe

Phishing site promoted via this email:

Another scam email relating to Netflix account verification:

Text presented within:

Your account has been suspended
Dear client,
We've temporarily suspended your account due to some issues in the automatic verification process.
For this reason we suspended your account, until you verify all required information's and update your payment method. We will provide with all the steps you need to unlock your account. Please follow these instructions after you click on the button below.
Update Your Details
Follow these steps :
Login to your account.
Update your Billing information's
Update your Payment method
If you do not verify your account, your account will be deleted permanently.
Please help us to clear your status and update your account.
Thanks,
Netflix.
NETFLlX

4967 Polk Street, Tucson, AZ 85714

Unsubscribe

Yet another variant of Netflix-themed scam email:

Text presented within:

Subject: We recently failed to validate your payment information

 

We recently failed to validate your payment information, we hold on record for your account,
therefore we need to ask you to complete a brief validation process in order to verify your billing and payment details.

Click here to verify your account

Failure to complete the validation process will result in a suspension of your netflix membership.

We take every step needed to automatically validate our users,
unfortunately in this case we were unable to verify your details.
The process will only take a couple of minutes
and will allow us to maintain our high standard of account security.

Netflix Support Team

This message was mailed automatically by Netflix during routine security checks. We are not completely satisfied with your account information and required you to update your account to continue using our services uniterrupted.
 
NETFLlX

122 Jubilee Terrace, Bardon, AK 52205

Unsubscribe

Yet another Netflix-themed scam email:

Text presented within:

Subject: Your cancellation confirmation ..

Netflix
Your cancellation confirmation
hello:
As you requested, we've cancelled your membership, effective from MONDAY, 19-05-2020 Obviously we'd love to have you back. If you change your mind, simply restart your membership to enjoy all the best TV programmes & films without interruption

UPDATE PAYMENT
 
We're here to help if you need it. Please visit the Help Centre for more info or contact us.
- Your friends at Netflix

VIEW ALL TV PROGRAMMES & FILMS>
By joining Netflix, you've agreed to our Terms of Use and Privacy Statement.
Questions? Call 0800 096 8879
This account email has been sent to you as part of your Netflix membership. To change your email preferences at any time, please visit the Communication Settings page for your account.
Please do not reply to this email, as we are unable to respond from this email address. If you need help or would like to contact us, please visit our Help Centre at help.netflix.com.
You agreed to start your Netflix membership in the United Kingdom when you clicked Start Membership during sign-up. You acknowledged that you have lost your right of withdrawal, but this does not affect your free trial and you can still cancel at any time. If you would like to cancel your membership, click the cancel membership link on the Your Account page or contact us as described above.
 
This message was emailed to [[email]] by Netflix.
SRC: 12500_en-GB_GB
Use of the Netflix service and website is subject to our Terms of Use and Privacy Statement.
?Netflix International B.V.?
 
        
NETFLlX

2468 Papineau Avenue, hawaii, HI 98110

Unsubscribe

Screenshot of a phishing website (thedigitalpresense[.]info) promoted via this email:

Yet another Netflix-themed phishing email (the promoted website is currently down):

Text presented within:

Subject: Validate your payment information

we recently failed to validate your payment information we hold on record for your account
therefore we need to ask you to complete a brief validation process in order to verify your billing and payment details.

CLICK HERE TO VERIFY TOUR ACCOUNT

failure to complete the calidation process will result in a suspension of your netflix membership.
we take every step needed to automatically validate our users
unfortunately in this case we were unable to verfify your details.
and will us to maintain our high standaro of account security.

Netflix service.ID|Support|Privacy Policy
Netflix Distribution International,Hollyhill Industrial Estate, Hollyhill, Cork, Republic of Ireland.All rights reserved.

netflix

3430 S Sepulveda Blvd. , Los Angeles, CA 90034

Unsubscribe

Yet another Netflix-themed spam email used for phishing purposes:

Text presented within:

Subject: We were unable to complete your last payment for your Netflix membership.

Cancellation of your Netflix subscription.
Dear info,
We were unable to complete your last payment for
your Netflix membership.
Please update your payment information to continue
enjoying Netflix.
My Account
If you do not update your information within 72 hours
your account will be suspended.

Need help Contact support or visit our Help Center. Please do not reply to this email.

Appearance of a fake Netflix login website promoted via this email:

Another variant of Netflix-themed scam email used for phishing purposes:

Text presented within:

Subject: Required informations update for 2021 to keep enjoying your account.

 

Update account personal informations.
Dear Customer,
Required informations update for
2021 to keep using your Netflix account.
Please update your payment information to continue
enjoying Netflix.
My Account

Need help Contact support or visit our Help Center. Please do not reply to this email.

Another example of Netflix-themed spam email claiming that user's payment has been declined:

Text presented within:

Subject: Confirm Your Payment

Payment declined
, Hey

We tried to confirm the card that was was linked with your account but we were unable to do it so, we will attempt to charge your card again automatically within 24-48 hours

Update the expiration and CVV (card verification value) data for your Credit/Debit card as soon Possible so that you can continue to use it with your account

Yet another example of Netflix-themed spam email:

Text presented within:

Subject: We could not authorize your payment for the next billing cycle of your subscription!.

 

If this notification appear in your junk box please place it in your inbox.
Your suspension notification
Dear Customer,
We could not authorize your payment for the next billing cycle of your subscription therefore we've suspended your membership. But your current subscription is active until it expires.
Obviously we'd love to have you back, simply click restart your membership to update your details and continue to enjoy all the best TV shows & movies without interruption.
UPDATE ACCOUNT NOW
If you don't update your information within 72 hours we'll limit what you can do with your account.
We're here to help if you need it. Visit the Help Center for more info or contact us.
–Your friends at Netflix
 
Questions? Visit the Help Center
This account email has been sent to you as part of your Netflix membership. To change your email preferences at any time, please visit the Communication Settings page for your account.
Please do not reply to this email, as we are unable to respond from this email address. If you need help or would like to contact us, please visit our Help Center at help.netflix.com.
This message was mailed to [[-email-]] by Netflix.
SRC: 12546_en_US
Use of the Netflix service and website is subject to our Terms of Use and Privacy Statement.
‪Netflix International B.V.‬

Yet another example of Netflix-themed spam email used to promote a phishing site:

Text presented within:

Subject: Your account is suspende...

Netflix

sq
[!!]     Your account is suspended.
Please update your payment information
Hello ,
We're having trouble with your billing information. Do you want to try paying with your card again? Your card details can be found below.
 
Your Card
VISA:     •••• •••• ••••
Expiration date : (MM/AA)
 
 
RETRY PAYMENT

ENTER A NEW PAYMENT METHOD

We're here to help if you need it. Visit the Help
Center for more info or contact us.
The Netflix team

Instant automatic malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

• What is Netflix spam?
• Types of malicious emails.
• How to spot a malicious email?
• What to do if you fell for an email scam?

Types of malicious emails:

Phishing Emails

Most commonly, cybercriminals use deceptive emails to trick Internet users into giving away their sensitive private information, for example, login information for various online services, email accounts, or online banking information.

Such attacks are called phishing. In a phishing attack, cybercriminals usually send an email message with some popular service logo (for example, Microsoft, DHL, Amazon, Netflix), create urgency (wrong shipping address, expired password, etc.), and place a link which they hope their potential victims will click on.

After clicking the link presented in such email message, victims are redirected to a fake website that looks identical or extremely similar to the original one. Victims are then asked to enter their password, credit card details, or some other information that gets stolen by cybercriminals.

Emails with Malicious Attachments

Another popular attack vector is email spam with malicious attachments that infect users' computers with malware. Malicious attachments usually carry trojans that are capable of stealing passwords, banking information, and other sensitive information.

In such attacks, cybercriminals' main goal is to trick their potential victims into opening an infected email attachment. To achieve this goal, email messages usually talk about recently received invoices, faxes, or voice messages.

If a potential victim falls for the lure and opens the attachment, their computers get infected, and cybercriminals can collect a lot of sensitive information.

While it's a more complicated method to steal personal information (spam filters and antivirus programs usually detect such attempts), if successful, cybercriminals can get a much wider array of data and can collect information for a long period of time.

Sextortion Emails

This is a type of phishing. In this case, users receive an email claiming that a cybercriminal could access the webcam of the potential victim and has a video recording of one's masturbation.

To get rid of the video, victims are asked to pay a ransom (usually using Bitcoin or another cryptocurrency). Nevertheless, all of these claims are false - users who receive such emails should ignore and delete them.

How to spot a malicious email?

While cyber criminals try to make their lure emails look trustworthy, here are some things that you should look for when trying to spot a phishing email:

• Check the sender's ("from") email address: Hover your mouse over the "from" address and check if it's legitimate. For example, if you received an email from Microsoft, be sure to check if the email address is @microsoft.com and not something suspicious like @m1crosoft.com, @microsfot.com, @account-security-noreply.com, etc.
• Check for generic greetings: If the greeting in the email is "Dear user", "Dear @youremail.com", "Dear valued customer", this should raise suspiciousness. Most commonly, companies call you by your name. Lack of this information could signal a phishing attempt.
• Check the links in the email: Hover your mouse over the link presented in the email, if the link that appears seems suspicious, don't click it. For example, if you received an email from Microsoft and the link in the email shows that it will go to firebasestorage.googleapis.com/v0... you shouldn't trust it. It's best not to click any links in the emails but to visit the company website that sent you the email in the first place.
• Don't blindly trust email attachments: Most commonly, legitimate companies will ask you to log in to their website and to view any documents there; if you received an email with an attachment, it's a good idea to scan it with an antivirus application. Infected email attachments are a common attack vector used by cybercriminals.

To minimise the risk of opening phishing and malicious emails we recommend using Combo Cleaner Antivirus for Windows. 

Example of a spam email:

What to do if you fell for an email scam?

• If you clicked on a link in a phishing email and entered your password - be sure to change your password as soon as possible. Usually, cybercriminals collect stolen credentials and then sell them to other groups that use them for malicious purposes. If you change your password in a timely manner, there's a chance that criminals won't have enough time to do any damage.
• If you entered your credit card information - contact your bank as soon as possible and explain the situation. There's a good chance that you will need to cancel your compromised credit card and get a new one.
• If you see any signs of identity theft - you should immediately contact the Federal Trade Commission. This institution will collect information about your situation and create a personal recovery plan.
• If you opened a malicious attachment - your computer is probably infected, you should scan it with a reputable antivirus application. For this purpose, we recommend using Combo Cleaner Antivirus for Windows.
• Help other Internet users - report phishing emails to Anti-Phishing Working Group, FBI’s Internet Crime Complaint Center, National Fraud Information Center and U.S. Department of Justice.

Frequently Asked Questions (FAQ)

Why did I receive this email?

Typically, scammers behind phishing emails and similar spam campaigns do not target anyone in particular. In most cases, they use email addresses obtained from leaked databases and send the same email to all recipients.

I have provided my personal information when tricked by this email, what should I do?

If you have provided your Netflix account credentials, change all passwords immediately, especially if you use the same credentials to log into other accounts.

Can an email be malicious?

Yes, emails can be used to deliver malware. They can contain malicious links or attachments. However, opening an email by itself is completely harmless. Computers get infected only when recipients open malicious files. In certain cases, opening a malicious file does not infect computers unless additional steps are performed.

Will Combo Cleaner remove malware infections that were present in email attachment?

Yes, Combo Cleaner can detect and eliminate almost all known malware. However, running a full system scan can be necessary to detect high-end malware that hides deep in the operating system.

▼ Show Discussion