It seems like scammers have siginificantly scaled up their phishing attempts through the 2020 COVID pandemic. Besides other popular services and websites they have been striving to hijack with fake emails, I recently ran into one allegedly coming from Netflix. The cheesy email, bearing Netflix’s logo, claimed that my subscription is about to expire due to a missing payment, and urged me to reset my password and update my payment method if I didn’t want my Netflix account deactivated. The email read precisely as follows:
Netflix Final Reminder: Subscription has a past due payment – Invoice 40847054
We’re sorry to say goodbye.
We regret to inform you that we were unable to settle the outstanding invoice for your subscription.“UPDATE PAYMENT”
We will try to process your payment again for the next 3 days, after that your subscription will be automatically cancelled.
Thank you for your prompt attention in resolving this matter.
VIEW ALL TV SHOW & MOVIES >
100 Winchester Circle, Los Gatos, CA 95032, U.S.A.
Netflix phising email
Unsubscribe | Terms of Use | Privacy | Help Center
SRC: 15310_en_US
Apart from the overall shabby design and phrasing of this email, it became right away obvious that it was a cheap scam due to the characteristic of such phishing emails, masked sender format: From: ᥒoreply@ᥒetflix <[email protected]>… I mean, come one, who would take this crap seriously? If you have received the same scam from a different email, do please leave the address in the comment section at the bottom of this page.
A thing I wonder about is how they may have extracted Netflix’s users’ email addresses. Unless, of course, they simply send out emails at complete random, regardless of whether an address is associated with a Netflix account or not.
Anyhow, out of plain curiosity, and perhaps an opportunity of a good scamming-the-scammers operation, I decided to go ahead and click on the “update payment” button. It led me to a fake Netflix log-in page, where I filled the fields with a made-up email address and a random number of 1’s for a password.
Surprise surprise, it logged me in! Of course, next came the bank-card-details update screen. And I completed this, too, with random shit.
This time, unfortunately, it wouldn’t take me any further. The form was set to accept only valid bank card numbers. I could, of course, have put a real bank’s credit-card-number format, and give some random digits on the personal part of the code, in which case I’m pretty sure they would accept it, and I was dying of curiosity to see what comes next… but I was bored to search for it online. So I just left it there. I really hope, however, the idiots checked up my logging-in attempt and uttered a good curse upon seeing my provided credentials.
Check out this Netflix’s help page about related phishing attempts.
