Netflix Phishing Scam – Don’t Get Fooled

Dermot SmythSecurity and Compliance Officer
It’s the first day of March, the weather is starting to warm up and the excitement of the upcoming St. Patrick’s Day holiday can be felt throughout the world.

Netflix Phishing Scam

It’s the first day of March, the weather is starting to warm up and the excitement of the upcoming St. Patrick’s Day holiday can be felt throughout the world. While it’s not quite spring (that starts on March 20th) the sneak peeks of sun we are lucky enough to receive have brought life back into the city as people start to leave their house to enjoy the rare winter rays. However not everything is rainbows and sunshine, a new Netflix phishing scam has appeared, stealing user’s information without them even noticing.

The new  Netflix phishing scam has been reported and has already affected a large amount of Netflix users. The  phishing email, claims there is a problem with the user’s payment and request they click through the email to verify the account. The new page that opens up requests personal information from the victim such as:

  • Full Name on Credit Card
  • Credit Card Number
  • Credit Card Expiration Date
  • Credit Card Security Code
  • Social Security Number
Once a user enters their information, they are forwarded to the actual Netflix page, leaving most with no idea they have even been phished.

How to Spot the Netflix Phishing Scam Email

These emails are super realistic and since they lead to the actual Netflix site, can be hard to identify, even after a user’s information has been stolen; so how does one protect themselves?

The best way to learn how to detect and defend against phishing emails is to know the usual mistakes and factors made in these types of attacks. Below is the email a user would receive if they were targeting by this new Netflix phishing scam email and the phishing identifiers that should stand out to them.

Netflix phishing scam email march

Sender Information

The first thing to look at whenever you are unsure of the authenticity of an email is the sender information. In this case, it is very clear from the sender email that this is not from an official Netflix email address, but rather from someone in France (known by the  .fr country code).

The fact that this is  not sent from an email address should immediately set off alarm bells, and the user should know to proceed with caution. While this may seem obvious, many email services will only show the email’s name (Netflix) unless the user clicks on it, making it hard for someone to notice who is just giving the email a glance over.

SENDER info netflix phishing scam email
Phishing emails can also ‘hide’ their address and replace it with an impersonated email address, such as This is very common with CEO fraud, as the attacker usually fakes the CEO’s real email while hiding their own, to learn how scammers can do this  read our blog on CEO Fraud.

The Content

The next thing to look at is the actual content of the email, and ask yourself the following questions:

  • Does it look like other emails you’ve received from this company before?
    • Does it use the brand colors?
    • Is the tone and subject of content familiar?
  • Are there spelling and grammar mistakes?
    • Scammers who send these attacks are looking for people who are gullible or easily tricked. To find these users, the scammers will often leave a few errors in the text, assuming that if a user continues to read after the spelling and grammar issues, they are more likely to enter their information without looking too close.
  • Is this something the company would email you about?
    • Most companies will never ask for your bank details, credit card details, or personal information through email, if you do receive a random email asking for any of these, contact the company directly and do not click any buttons/link or enter in any data.
Below is an example of how these three questions immediately make the Netflix phishing scam email stand out as a phishing email.
Netflix payment phishing email march editedThe first thing to notice is that the email is addressed with a lowercase ‘ hello’ and is signed with  ‘Netflix support Team.’(Underlined in orange). The capitalization, or lack there of, is suspicious as Netflix is a large established company and logic would conclude they would double check their emails before sending them out.
The grammar in the email is also a bit strange, using unnatural sentence structure such as “ we are aware of their own” and  “will result in a suspension Netflix” is not something an established company like Netflix would allow to be sent out.
Finally, the fact that Netflix is emailing this user to ‘ maintain their high level of account security” is something that should be called to attention. How would the user validating their billing and payment help Netflix’s account security? The two aren’t directly related and the association the email makes between them should raise alarms.

The Links

Even if the sender email address looks okay and all the content seems to be legitimate, the links will almost always give away the email’s malicious secret. This is because users can physically see where the URL is trying to send them, whether it’s to the official site or a phishing one, simply by hovering over the button/link.

In the new Netflix phishing scam email, the  ‘Netflix support Team’ link at the bottom of the email returns when it is hovered over. This is a common tactic used by scammers, they will place actual links to the site around their fraudulent one to appear more legit and try and trick users.

support team link netflix phishing scam email
However, it is a different story when the  ‘Click here to verify your account’ button in the email is hovered over; this time an unfamiliar and foreign link is appearing. The button in this email does not send the user to verify their Netflix account information as suggested but instead brings them to a page hosted on instead.

verify button netflix phishing scam email

The Checklist

The lack of an authentic  @netflix sender email, the strange and out of place subject, tone, and grammar issues, and the misleading button/link combination should make it clear that this is indeed a phishing email and not an official correspondence from Netflix’s support team. Users who receive this email should refrain from clicking any links and entering any personal data, and report the email to their IT department or  email security service.

Users should run through the above questions as a checklist for identifying phishing emails, though it should be noted if a user still feels wary about an email they should refrain from clicking links, even if it passes all the above checklist.

Companys should ensure all their employees are aware of how to detect and defend against phishing emails like the one above and should implement  email security policies to prepare and protect their business from these attacks.

Comments (0)

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.