Have You Received an ‘Update Your Payment’ Email from Netflix?
Here’s how to tell if an email you’ve received from a service provider is legitimate, or a legitimate scam.
It’s hard to find someone that doesn’t have a paid Netflix subscription these days, so much so, that scammers are well-aware of this fact and they’ve launched a new way to exploit vulnerable or rushed individuals.
It’s what is known as a spearphishing scam, whereby a scammer insists that urgent action is required to either secure an account or fix a billing issue after an automatic payment was rejected.
As you can see from the screenshot supplied by MailGuard, the scammers have a legitimate-looking profile, domain address, and a convincing-enough use of data like the user account information that might be enough to get someone to hand over their credit card details to a scammer.
“We recommend that you update your payment information immediately to secure your account otherwise you will not be able to use our services,” the email reads. “We’re here to help if you need it. Visit the Help Center for more info or contact us,” it concludes.
“Cybercriminals have taken great pains to incorporate the exact colour scheme, logo, fonts and popular images commonly found in Netflix pages in a bid to convince the user that the email is actually originating from the entertainment company,” MailGuard told 9News.
“The inclusion of the threat in the email that the recipients won’t be able to use Netflix’s services if they don’t update their payment information is also a trick designed to spark panic and urgency,”
How can you spot a fraud?
While scams are getting more sophisticated, with a critical eye, you’ll be able to tell whether or not a legitimate company is contacting you, or an Eastern European scammer is trying to vacuum up your private information; try to keep an eye out on a few key things:
Check the sender’s email address, and look specifically at their domain. Often, they’ll be able to spoof the company name, @Netflix or example, but the remainder of the domain might have an obscure host like @Netflix.cz, for example.
Read the email carefully for spelling and grammatical errors; keep in mind that large companies have copywriters - teams of them - to go over any and every email that is sent, and there’s a 99% chance than an email sent off will not contain a spelling error- let alone multiple. Be equally as harsh in terms of the grammar used in the email as they’re a great hint as to the intentions of the sender. Bad spelling and grammar equals bad intentions.
Never, ever open up an attachment from an unknown sender, or one that you’re not convinced about. An attachment in an email like this will almost certainly contain a form of malware.
Check the destination in the link - without opening the link itself - by hovering over the hyperlink to see the domain. If the email is from Netflix, and you’re about to be redirected to Netflix.com, you can be fairly sure that the link is legitimate. If the link is unrelated, or looks suspicious, you’re better served by ignoring and deleting the email.
Go directly to the source via your home or mobile phone. If you’ve received an email from Telstra regarding your internet that sounds suspicious, a sudden request for updating your details or a cancellation of service, for example, call Telstra directly. The same goes for any service provider out there- it won’t take a long time to verify whether the company did indeed contact you, or if it’s a scammer trying to take advantage of you.