ESET Ireland warns users to look out for a well-made fake Netflix page, that includes a security certificate, but collects’ victims’ credit card numbers for the cybercriminals.
A genuine-looking email was received by ESET Ireland, appearing to be a warning about an expiring Netflix subscription, titled “Your cancellation confirmation”, claiming the user’s payment at the end of a billing cycle failed, so their membership is getting cancelled. Then a big red button invites them to “restart membership”.
Anyone with an existing Netflix account would be alarmed by this and would be likely to click on the “restart” option. The button links to a convincing looking fake Netflix website, complete with “https”, a padlock, an address that looks Irish and even a security certificate for the page.
After “signing in” with their email and password, the victim is asked to fill in all their address and billing details, including their credit or debit card details, and so all this personal data is handed over to the scammers. The page then redirects to the actual Netflix site.
ESET Ireland recommends Netflix users do not use links in emails to log into their accounts and should particularly avoid filling in any payment details. They should instead log in and check their status the way they always do, and should delete any such suspicious emails, as well as warn their friends about the scam.
Full story with screenshots (free to use) of the scam at ESET Ireland’s official blog.