Spoiler alert: the internet is a wretched hive of scum and villainy, and everyone is trying to rob you, always. Just when you were about to pat yourself on the back for not falling for the latest scheme, another one comes along. Here's how you can tell if you were affected by the Netflix phishing scam, and how to avoid it if you're the next target in line. If you haven't received any emails purportedly sent by Netflix recently, you're probably in the clear, but if you did, and you followed the instructions within, you might have cause for concern.
The scam has previously been used in the Netherlands, and it's now making a resurgence in the United Kingdom, according to the Malwarebytes blog, so let's all get prepared before it crosses the pond. The message reads as follows:
We’re having some trouble with your current billing information. We’ll try again. But in the meantime you may want to update your payment details. During the next login process, you will be required to provide some informations like (billing info, phone number, payment info.)
Thank you for your understanding on this matter.
Thank you for choosing Netflix !
The message, which comes from the address firstname.lastname@example.org, contains a link to a site where payment information can be entered. Surprise, that email is not actually from Netflix, and the site it takes you to is fake. But maybe it happened to pop up in your inbox while you were simultaneously cooking dinner and nursing an infant, and your toddler was screaming about how she wanted to watch Bubble Guppies, and all you could think was "Reactivate! Reactivate!" as you frantically entered your credit card number into the site. Don't beat yourself up; just call your credit card company and ask them to cancel the card and send you a new one. With any luck, nobody's trying to use it yet.
According to Netflix, the company "will never ask for any personal information to be sent to us over email," although you may receive a legitimate email with a link to update your information. You can hover over the link to see where it leads, or better yet, go to the site directly. If you really do need to update your info, you'll see a message. As with any emails of this nature, be sure to check the address it came from, as well as the URL it leads to.
When vetting email accounts and websites, watch out for tricky subdomains. The part of the address just before the .com is the domain, not the one before it. So your bank's login page might have an address like login.yourbank.com, but yourbank.login.com is not actually affiliated with them at all. Likewise, a real message might come from email@example.com, but firstname.lastname@example.org isn't really from them. Also be on the lookout for extra dots; the domain tflix.com is available right now, which means anyone could buy it and create a subdomain labeled "ne," then create a spoofed page with the address www.ne.tflix.com (please don't do that).
The fastest and easiest way to spot a fake Netflix email, or almost any scam email, is to pay attention to the spelling, grammar, and punctuation. Did you catch the errors in the one above? If not, you might want to look more carefully (or start copy-pasting your emails into a spellchecker). Scam email messages often contain deliberate errors, according to Microsoft researcher Comac Herley, to weed out more discerning readers. The idea is that those who don't question broken English are less likely to question more shady stuff down the line, like handing over financial information. So next time you get an email asking for account information, you'll know how to tell if it's legit.
Watch Romper's new video series, Romper's Doula Diaries:
Check out the entire Romper's Doula Diaries series and other videos on Facebook and the Bustle app across Apple TV, Roku, and Amazon Fire TV.