As many as 110 million Netflix subscribers may have received a scam email alerting them that their account has been suspended, only to be prompted to click on a link that leads to a phishing website with the goal of stealing sensitive personal data and credit card information. The malicious emails were first noticed by Mailguard late last week and described in a blog entry posted to the company’s website.
In screenshots obtained by the company, the emails tell subscribers that their billing information could not be validated for the next cycle of their subscription and that their membership will be suspended if they don’t take action within 48 hours. When they click on the link, they are directed to an authentic-looking fake Netflix site that was built on a compromised WordPress blog.
As noted by Mailguard, one major telltale sign is that the data didn’t merge successfully: the “recipient” field displays a placeholder instead of the victim’s name.
A Netflix spokesperson told EW in a statement that the company takes the security of member accounts very seriously, while noting that, unfortunately, these types of scams aren’t exactly uncommon.
“Netflix employs numerous proactive measures to detect fraudulent activity to keep the Netflix service and our members’ accounts secure. Unfortunately, these scams are common on the internet and target popular brands such as Netflix and other companies with large customer bases to lure users into giving out personal information.”
As always, it’s important to use common sense when it comes to suspicious emails that turn up in your inbox, but a safe bet is always simply to log in to your account in lieu of clicking on links.