I got an email from Netflix saying that they were unable to bill my membership, but I’m suspicious because when I log in to Netflix I don’t see any warnings or alerts. Is this email legit?
Kudos to you for checking on the site directly rather than just trusting an email that’s shown up, whether it looks completely clean and legit or whether it’s a bit sketchy! In this particular case, if this were a legit Netflix email notification, it would be duplicated in your Netflix account information that you can access by going directly to netflix.com in your Web browser and logging in to the service. It’s not there? Then the email’s a scam. Easy.
But in this era of increasing phishing attacks, it’s astonishing to me that so many companies are still sending email with clickable links embedded. What are they thinking? Instead, send the notification email and then explain how people can go directly to the site and address the problem without including a clickable link. A bit more hassle, but a lot harder to scam if you’re a bad guy.
Still, let’s have a look at this phishing email message, because I got one too. Mine looks like this:
Looks pretty legitimate, doesn’t it? The two tiny clues that make me suspicious right off the bat, though, are that it’s to “undisclosed-recipients” (why plural? I thought it was just my problem) and that it’s “Reply-To: noreply@rlpnet.com” (why isn’t it “@netflix.com” or maybe even “billing.netflix.com” or similar?).
Still, modern email systems give you a tiny preview of embedded URLs if you have the patience to hover the cursor over the link without clicking:
Okay, so “.tr” is Turkey. Pretty darn sure that Netflix isn’t using a billing system hosted at binicllik.org.tr, somehow!
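The three clues walked through above can be checked mechanically. Here is an added example (not from the original post) that parses a constructed message reproducing those clues and reports the recipient list, the Reply-To domain, and where each link really points, judged against the brand’s own domain:

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample reproducing the clues from the post (not a real captured message):
# undisclosed recipients, a Reply-To outside netflix.com, and a "Sign in" link on a .tr host.
SAMPLE_EML = """\
From: Netflix <info@mailer.netflix.com>
To: undisclosed-recipients:;
Reply-To: noreply@rlpnet.com
Subject: We were unable to bill your membership
Content-Type: text/html; charset=utf-8

<html><body><p>Please update your payment details.</p>
<a href="http://binicllik.org.tr/netflix/login">Sign in</a></body></html>
"""

class LinkCollector(HTMLParser):
    """Collect (href, link text) pairs: what hovering over a link would reveal."""
    def __init__(self):
        super().__init__()
        self.links, self._href = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
    def handle_data(self, data):
        if self._href and data.strip():
            self.links.append((self._href, data.strip()))
            self._href = None

def in_brand_domain(host, brand):
    """True only for the brand's apex domain or a subdomain of it; 'netflix.com.evil.tr' fails."""
    return host == brand or host.endswith("." + brand)

def phishing_clues(raw_eml, brand="netflix.com"):
    """Return the red flags found; an empty list means none of these three heuristics fired."""
    msg = message_from_string(raw_eml, policy=policy.default)
    clues = []
    if "undisclosed-recipients" in str(msg.get("To", "")).lower():
        clues.append("sent to undisclosed-recipients")
    for addr in (msg["Reply-To"].addresses if msg["Reply-To"] else ()):
        if not in_brand_domain(addr.domain.lower(), brand):
            clues.append(f"Reply-To domain {addr.domain} is not {brand}")
    collector = LinkCollector()
    collector.feed(msg.get_body(preferencelist=("html",)).get_content())
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        if not in_brand_domain(host, brand):
            clues.append(f'"{text}" link points to {host}, not {brand}')
    return clues
```

The domain check deliberately compares the link’s hostname, not its path, so a URL that merely contains the word “netflix” somewhere after the host is still flagged.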
But let’s say that I wasn’t really paying much attention at all and clicked on the “Sign in” link. Here’s what I’d see:
It does look legit! But, without the Netflix database behind it to check passwords, you can actually log in with any two words. Try “eatme” and “scammer” as the email and password. 🙂
If you do, you’ll end up here, which shows that they’re targeting Canadian Netflix users for this particular scam:
The fact that they have information on the page about “Secure Server” is, of course, adding insult to injury.
The simple fact is that you should never click on a link embedded in an email message, whether it’s from your bank, a shopping site you like, an auction site, or a streaming movie service. Avoid that, and you’ll be safe forevermore.
If you do fall for a scam like this, immediately – and I do mean IMMEDIATELY – go to the real site (like netflix.com) and change your password. Do it. Now. Then, if you shared banking information, it’s smart to call your bank’s fraud department and ask them to cancel your credit card and issue a new one.
Good luck and be careful out there!