New Netflix Scam Alert – Phishers Go After the Streaming Platform's Users in Ireland
For the last few weeks, Irish Netflix users have been targeted by cybercriminals who are eager to get their hands on other people's personal information. It's difficult to estimate how big the wave of phishing emails is, and it's downright impossible to say how many people have fallen for the scam. Apparently, however, the fake messages are numerous enough to draw the attention of mainstream media.
It's safe to say that the attackers did not set about reinventing the wheel and opted for a traditional phishing scenario. The bogus emails try to convince you that the streaming service's security team has found some discrepancies during regular "maintenance". In order to rectify the issue, you need to follow a link in the email, log in with your Netflix login credentials, and update your personal information. The email also tells you that if you don't follow the instructions, you will be locked out of your account.
None of this is true, of course. There are no issues with the personal information in your Netflix account, and if you take the bait, you will be led to a fake page that will collect your login and personal data and will send it the crooks' way. Ignoring the email is actually the only right thing to do in this case.
This particular Netflix scam might not be breaking new ground, but as we mentioned already, many people, including a spokesperson from the streaming service, deem it noteworthy, which goes to show that people are still falling for it. To find out how we can stop this, we first need to figure out why phishers target users of platforms like Netflix.
The evolution of email scams
In the past, scam emails were few and far between, and they were mostly coming from African royalties who wanted to transfer their unimaginable wealth to first-world financial institutions. For a while, the Nigerian Prince scam was indeed a rather successful means of amassing illicit profits from unsuspecting internet users. Although it took more time than it should have taken, however, people did eventually learn that if a message from a random person in Africa sounds too good to be true, it probably is.
The death of the old-fashioned email scam coincided with the birth of services like Netflix, which drew crowds of users with their promise of completely changing the way we use the internet. Within a few years, the number of Netflix subscribers went into the hundreds of millions, and this meant hundreds of millions of potential targets for the scammers who were trying to find a substitute for their non-existing but extremely rich monarchs.
The value of your Netflix account
You might be wondering why anyone would be interested in your Netflix account. In reality, multiple factors make an attack on Netflix users not only feasible but potentially very lucrative. The initial investment in terms of money and effort, for example, is next to non-existent.
Netflix has now become a household name. People trust it, and on the internet, abusing people's trust is easier than you might think. As long as users see an interface that looks close to the original, they will have little problem entering all the personal information they're asked for. The collected data can then be monetized in multiple ways.
For one, although Netflix is hardly the most expensive service out there, some people continue to think that paying a few dollars a month for countless hours of content is too much. That's why hackers are selling compromised Netflix accounts on underground marketplaces and hacking forums at a hefty discount. These accounts are stolen in bulk, which means that even if a victim figures out that something's wrong and changes their login credentials, the criminals have thousands of other passwords that will still work.
Speaking of passwords that work, stolen sets of Netflix usernames and passwords can also be used in credential stuffing attacks. Despite the endless stream of examples that demonstrate the importance of strong, unique login credentials, people continue to reuse the same old passwords, and fairly often, a successful phishing attack on one account enables the compromise of multiple others. The thing that makes Netflix accounts even more attractive for criminals, however, is the financial information that they hold.
Netflix is a paid service, which of course means that subscribing to it requires a credit card. As we mentioned already, often, the crooks need to do little more than recreate Netflix's interface in order to trick people into giving away their financial data. Once again, the vast number of Netflix users and the enormous trust they put in the streaming platform's logo means that the success of such an attack is very likely.
Staying out of the phishers' nets
Protecting yourself from phishing has always been easier said than done. Ask as many people as you want if they're prepared for a phishing attack, and almost all of them will probably say that they are. Unfortunately, reality shows that they're overestimating their abilities to spot scam emails. The threat should never be taken lightly.
No two phishing attacks are the same, but there are a few things that you need to look out for all the time. Obviously, you should always check the sender's email address, and you must also be extremely cautious if you notice any typos or grammatical mistakes. Before you click on any links, you could do worse than hover with the mouse over them and pay attention to the bottom part of the browser window. Carefully examine the URL that the link leads to, and if you're not sure about it, just don't click it. All in all, if you can, you're better off not clicking links in emails at all. If you think that you really need to update your personal information on Netflix, just enter Netflix.com into the address bar and proceed to log in like you normally would.
A unique password will ensure that should you fall victim to a phishing scam, the rest of your accounts will remain safe, and Netflix's inexplicable reluctance to implement a two-factor authentication system means that the password's strength is even more important than it normally is.