Home > News

New Netflix Phishing Scam Can Steal Credit Card Info

By Laura Tucker
News Netflix Phishing Scam Featured

Netflix is great for providing so many hours of television and movies, making it the go-to entertainment option for many. But as enjoyable as it is, it can still provide some trouble. This is what the Amorblox site found out when it discovered a Netflix phishing scam that is stealing credit card information.

How the Netflix Phishing Scam Works

Before abandoning Netflix, it may be beneficial to find out how the scam works and how it was found, as perhaps you can changes things up a little to be sure it doesn’t happen to you so that you don’t have to abandon the streaming service.

Victims of the Netflix phishing scam were sent an email that looks like a Netflix billing failure. It tells them their subscription will be canceled unless they update their details within 24 hours. When they click a link in the email, it sends them to a CAPTCHA page that has the Netflix logo.

By solving the CAPTCHA, they’re sent to a site that looks like Netflix. Here they fill in login details, a billing address, and credit card details. They’re redirected to the real Netflix site so that they never suspect they have just been phished.

This was not initially targeted as a scam as it did five things to increase the chance of it being seen as legitimate.

  • CAPTCHA redirect, which helps disguise the URL
  • Pages are legitimate web domains, yet not connected to Netflix
  • Victims taken to Netflix lookalike site then sent to real site
  • Failure notice seemed authentic and required urgency
News Netflix Phishing Scam Content

How the Attack Was Discovered

So the Netflix phishing scam attackers were doing it right, as they were getting away with this and stealing everyone’s credit card information. But what tipped off Amorblox?

The first tipoff was the language, intent, and tone in the email. Amorblox was trained on a lot of data and has been customized to all the customer environments. Once the Netflix email was analyzed, it saw that an unusual request was made. Additionally, the language model detected a sense of urgency, something that isn’t normally found in authentic emails from customer support.

There was also a low communication history between the victim and the sender of the email. Not that that’s indicative on its own of trouble, but when it is combined with the other warning signs, it’s still noteworthy.

While the attacker hadn’t communicated with the victim before, it also hadn’t visited the website domain where the victims were sent. It would stand to reason that someone who worked at Netflix would have been visiting the domain.

These warning signs, along with some other signals they saw, caused Amorblox to flag the email as a credential phishing threat.

Other than detecting the Netflix phishing scam, if you’d like to also avoid other credential phishing threats, just remember the warning signs here. Learn more ways to recognize a phishing site as well. Hopefully, you won’t ever fall victim.

Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox

Laura Tucker Avatar
Laura Tucker
Laura has spent more than 20 years writing news, reviews, and op-eds, with the majority of those years as an editor as well. She has exclusively used Apple products for the past 35 years. In addition to writing and editing at MTE, she also runs the site’s sponsored review program.

Read next

When the SS Great Eastern laid the first working transatlantic telegraph cable in 1866, a message that had taken ten days by steamship suddenly crossed the ocean in minutes, and the financial markets of London and New York were forced, within a single trading week, to invent the modern concept of synchronised global price.
From below of blue starry sky over radio telescope and trees with leaves
The Big Ear telescope was scanning at 1420.4056 megahertz on the night of 15 August 1977, the exact frequency at which hydrogen atoms vibrate across the universe, because Giuseppe Cocconi and Philip Morrison had argued years earlier that any species trying to be found would broadcast on that channel — and then, for 72 seconds, something did.
In 2016, archaeologists dated two rings of snapped stalagmites in France’s Bruniquel Cave to 176,500 years ago, evidence that Neanderthals had walked 336 metres into darkness with fire and built architecture deep underground long before modern humans reached Europe
Otto von Bismarck was 74 when Germany adopted the world’s first national old-age social insurance program in 1889, setting the pension age at 70 after years of fighting socialists with bans, laws, and a promise few workers would live long enough to use
When cosmonaut Valeri Polyakov stepped out of his Soyuz capsule in March 1995 after 437 consecutive days aboard Mir, doctors recorded him at several centimetres above his pre-flight height, and his spine had become so unaccustomed to gravity that the recovery team carried him to a chair rather than risk the compression of letting him walk.
When Bell Labs engineer Karl Jansky pointed a rotating antenna at the sky in 1932 looking for sources of transatlantic radio static, he kept picking up a faint hiss that peaked every 23 hours and 56 minutes, and he eventually realized he had become the first human to hear the center of the Milky Way.
A contemplative scene with two scientists in a vintage laboratory setting.
When Harvard astronomer Cecilia Payne submitted her 1925 doctoral thesis arguing that the Sun was made almost entirely of hydrogen, the field’s senior figure Henry Norris Russell talked her into adding a line calling the result ‘almost certainly not real,’ and then published the same conclusion himself four years later to widespread acclaim.
When seismic waves from the Chicxulub impact reached what is now North Dakota roughly ten minutes after the asteroid struck, they appear to have triggered a ten-metre standing wave in an inland river that flung fish onto the bank and buried them under glass beads still falling from the sky.