Email phishing scam targeted millions of Netflix subscribers

A well-designed email phishing scam targeted about 110 million Netflix subscribers earlier this month, as first reported by MailGuard. On November 3, MailGuard detected the phishing scam and prevented the malicious emails from entering clients’ inboxes.

The phishing email was disguised as official Netflix correspondence and attempted to fool Netflix users into thinking their accounts were being suspended unless they updated their billing information. The phishing email included obvious errors, such as the recipient field not being personalized and instead containing placeholder text, and the sender not being identified in the ‘from’ field.

Within the phishing email was a link to a poorly designed, fake Netflix website that asked users to enter login credentials and update their personal and billing information. Requested information included credit card and driver’s license details, mother’s maiden name, etc.

Cyber attackers could use the information for identity theft and to compromise victims’ bank information. Once a victim entered sensitive data and submitted it, an account ‘reactivation’ screen appeared.

Netflix phishing scam website



Throughout 2017, Netflix subscribers have been hit numerous times with email phishing scams, in which an email directed them to click a link to update their billing information. Cybersecurity organization FireEye first detected this kind of cyber threat in January 2017.

A Netflix representative responded to the phishing scam: “Netflix employs numerous proactive measures to detect fraudulent activity to keep the Netflix service and our members’ accounts secure. Unfortunately, scams are common on the internet and target popular brands such as Netflix and other companies with large customer bases to lure users into giving out personal information.”

To protect yourself against phishing scams, hover your mouse over links contained in suspicious emails to see where they actually lead before you click. A bad link will often not look like a regular one: it may be shortened, contain a lot of strange characters, or vary in some other way from an easily verifiable link.
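The warning signs named in this article (a sender not identified in the ‘from’ field, placeholder text in place of the recipient's name, and links that are shortened, contain strange characters, or sit off the brand's own domain) can also be checked automatically. The Python below is an added example, not code from MailGuard or Netflix; the trusted domain, the shortener list, the placeholder patterns and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed values for illustration; tune them to the brand and mail you handle.
TRUSTED = "netflix.com"
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly"}
PLACEHOLDER = re.compile(r"#\w+#|\{\{\s*\w+\s*\}\}|\[name\]", re.I)
# Constructed sample message (not the real phishing email).
SAMPLE = """From: <billing@mail.example>
Subject: Your account is being suspended

<p>Hi #name#,</p>
<p><a href="http://bit.ly/xyz123">Update billing</a> or
<a href="http://netflix.com.account-verify.example/login%2Fbilling">sign in</a></p>
"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":  # collect the real destination, not the visible text
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def check_link(url):
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Userinfo tricks, percent-encoding, punycode or a bare IP address as host.
    odd = ("@" in parts.netloc or "%" in url or "xn--" in host
           or re.fullmatch(r"[0-9.]+", host))
    checks = {"shortened": host in SHORTENERS,
              "strange characters": bool(odd),
              "not on " + TRUSTED: host != TRUSTED and not host.endswith("." + TRUSTED)}
    return [reason for reason, hit in checks.items() if hit]

def analyze(raw):
    msg = message_from_string(raw)
    body = msg.get_payload()
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    if not (name and addr):  # no display name or no address
        findings.append("sender not identified in From")
    if PLACEHOLDER.search(body):
        findings.append("placeholder text instead of recipient name")
    links = LinkCollector()
    links.feed(body)
    findings += [f"{href}: {r}" for href in links.hrefs for r in check_link(href)]
    return findings
```

An empty result from `analyze` means only that none of these heuristics fired; a link on a lookalike domain with a clean URL still needs the manual hover check.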

Create a culture of information security within your organization

Your staff are on the frontline against cyber attacks. If you are looking to tackle ransomware, phishing scams, or other data breach threats within your organization, our Security Awareness Program can help. The program is designed to bring about a total shift in employee mindset and behavior, and is customized to suit your organization’s culture and awareness challenges.

After a learning needs assessment, the customized intervention program can be delivered through different media, channels, and formats to ensure the best fit with your organization’s infrastructure. The multi-component campaign will also address your audience’s unique requirements and organizational culture to have a lasting impact.