Beware if you have received an SMS or an email that seems to come from Netflix inviting you to give your opinion on the films and series in the catalog! It is quite simply a phishing campaign to steal your identifiers and your banking data.
Like any major self-respecting streaming platform, Netflix is often used by cybercriminals trying to impersonate subscribers, and the methods are sometimes very inventive! Right now, many people – and not just subscribers! – receive e-mails from “Netflix Surveys”, which invite them to share their opinion on the films and series in the catalogue. The subject of the email, “Netflix appreciates your feedback”, is quite unremarkable and unmistakably similar to the requests for reviews and ratings that legitimate sites usually send. Nothing that arouses the suspicion of the victim therefore. And then, what could be more enjoyable than sharing your entertainment with a whole community? The invitation is tempting… However, the link contained in the message leads to a fake login page, on which the victim will enter his identifiers and other personal information, which will be immediately collected by the hackers. Netflix therefore wanted to warn its users about this new scam method by adding it to a thread of tweets that lists the phishing methods identified.
Beware, a new phishing method is emerging.
As a reminder: if you have received an e-mail/SMS asking for your e-mail address, telephone number, password or payment method associated with your account, it is certainly not from us! pic.twitter.com/uovMjcjknX
— Netflix France (@NetflixFR) February 21, 2023
Netflix SMS: a well-established phishing technique
There are many variations for Netflix phishing campaigns. Thus, some people receive an SMS supposedly from the platform, telling them that there is a problem with the billing of their subscription – payment refused, expiry of the subscription to be renewed, etc. – and that, without rectification on their part, the service will be suspended. Of course, the message contains a link that refers to a pirate site that looks a lot like the real Netflix connection interface, where the victim is invited to enter his identifiers, then various information – surname, first name, address, telephone number – and finally the bank details, all for the purpose of reactivating the subscription. A fairly classic – but effective – phishing technique. The same scam also circulates by e-mail (see our article).
Fake login pages are now commonplace. One of the signs that should make you suspicious – but this applies to all scams – is the phone number. Already, Netflix very rarely sends text messages to its subscribers and, when it does, they never contain a link. In addition, the platform would not use a personal telephone number in 06 or 07, as is the case in these scams, to contact its subscribers. Ditto for email addresses that seem strange! She specifies on his help center that “we will never ask you to enter personal information in an email or text message.” The only address to use to access Netflix for any reason is www.netflix.com/fr/ .
If you’ve ever been the victim or the target of such a message, the video-on-demand (SVOD) service recommends forwarding the SMS to them – but the same goes for emails. To do this, just long press on it to select it, choose “Transfer”, and send it to the following address: [email protected]. Finally, delete the message. If you ever clicked on the link or transmitted certain personal information, immediately change your password, as well as that of the other accounts where you use it – by the way, it is not recommended to use the same one for several accounts. And, if you have ever gone so far as to transmit your banking information, call your bank without further delay to take the necessary measures.