The Netflix Scam: What It Is and How to Protect Yourself From It

Don't get caught up in this phishing expedition

What to Know

  • The Netflix scam is a phishing scam that targets subscribers of the streaming service; it's back with a vengeance during quarantine.
  • Got an email that says your Netflix account details can't be verified and your account will be suspended? Do not click any links in it.
  • Instead, go straight to your Netflix account and log in normally to check your account status. If there's a problem, fix it there.

This article explains what you need to know about the Netflix scam and offers tips to protect yourself against it.

What Is the Netflix Scam?

The Netflix scam involves receiving an email in your inbox that appears to be a legitimate message from Netflix. It mentions that your account details could not be verified and that your account will be suspended if you don’t update those account details immediately.

The email will also contain a link that takes you to a phony web page where you will be asked for your private details, including your credit card details. It is important to know what this scam looks like in order to avoid being a victim.

How Does the Netflix Scam Work?

The email typically starts with a rather alarming subject line. It will say something along the lines of “Update Payment Method”.

Once you open the email you will find a very convincing Netflix logo and branding that makes the whole thing seem legitimate.

Inside the email you will find a message that says something like this:

“We’re having trouble validating your billing information. We will have to suspend your membership if you do not respond to this message within the next 48 hours.”
Screenshot of a Netflix scam email.

A link will usually be included in the email with a message like “update account now.” Clicking the link will take you to a convincing page that looks almost like the real thing. There, you'll be asked to enter a bunch of information to update your payment details, including your username, password, address, date of birth, and credit card details.

How Do Netflix Scammers Find Victims?

Netflix scammers will typically send a bulk email to millions of addresses at the same time, counting on the odds that some of the recipients are legitimate Netflix subscribers.

Netflix itself tries its best to keep its list of subscribers confidential, so it’s typically hard to obtain a list of email addresses that belong only to Netflix subscribers unless they were bought on the dark web. However, if you send an email purporting to be from Netflix to a large enough group of addresses, a percentage of them are bound to belong to Netflix subscribers, especially considering the streaming service’s large subscriber base.

Netflix is actually quite profitable for scammers. In the periods leading up to the release of some popular show, there is typically a lot of anticipation, and users are more likely to respond quickly to any message claiming their accounts might be suspended, since a suspension would cause them to miss the premiere of the show. This makes the success rate of trying to provoke such potential victims particularly high. It was tried earlier in 2019 when scammers managed to use the hype surrounding the Game of Thrones finale to scam some users into visiting phishing sites and giving away their credit card details and other private information.

How Do I Avoid Getting Involved in This Scam?

With the internet being the way it is, you can never completely protect yourself from getting emails from unscrupulous people. With all the data leaks happening at major companies, chances are your email address may fall into the hands of someone who wants to steal something from you, either your money or your identity.

However, what you can do when you receive such an email is to be very careful about it. Whenever you get an email from a company you have an account with, here are some safety precautions you should take:

  • Confirm who the sender is: There is a downward arrow next to the sender’s name. Select it to see if the email address actually makes sense. If it doesn’t seem like an email address the purported sender would use, then you’re probably dealing with a scammer.
  • Look for typos: Emails from scammers often have so many typos that it soon becomes evident that no self-respecting company would send the email.
  • Don't immediately select any links in emails: Instead, hover your cursor over the link. You'll see the full URL on the bottom left corner of your browser screen. If it looks suspicious, then you’re probably dealing with a scammer. Do not click the link.
  • If the email has anything about your account details, don't click the link: Instead, go directly to your account by opening a new browser tab and going to the official website. Review your personal information and update it if necessary.
  • Watch out for pressure tactics to get you to act quickly: In the Netflix scam email, for example, they tell you that you have to respond within 48 hours. Such tactics are designed to bypass your critical thinking faculty and manipulate you into acting without thinking things through.
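
The sender, link, and pressure-tactic checks from the list above, run over a raw message as an added example (not part of the original article). The sample email, its .example hosts, and the names red_flags, on_trusted_domain and LinkCollector are constructed for illustration; only the netflix.com domain comes from the article.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "netflix.com"  # official domain, as in the addresses this article cites
DEADLINE = re.compile(r"within\s+(the\s+next\s+)?\d+\s+hours", re.I)  # pressure tactic
# Constructed sample message; the sender and first link host are made-up placeholders.
SAMPLE = """\
From: Netflix <billing@netflix-support.example>
Subject: Update Payment Method
Content-Type: text/html

<p>We're having trouble validating your billing information. We will have to
suspend your membership if you do not respond within the next 48 hours.</p>
<a href="http://account-verify.example/login">update account now</a>
<a href="https://www.netflix.com/help">Help Center</a>
"""

class LinkCollector(HTMLParser):  # gathers the real targets behind the link text
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def on_trusted_domain(host):
    # Exact match or a true subdomain only; "netflix.com.account-verify.example" fails.
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

def red_flags(raw):
    msg = message_from_string(raw, policy=policy.default)
    flags = []
    sender = parseaddr(str(msg.get("From", "")))[1]
    if not on_trusted_domain(sender.rpartition("@")[2]):
        flags.append("sender:" + sender)  # display name says Netflix, address does not
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    collector = LinkCollector()
    collector.feed(body)
    flags += ["link:" + h for h in collector.hrefs
              if not on_trusted_domain(urlsplit(h).hostname)]
    if DEADLINE.search(body):
        flags.append("urgency")
    return flags

print(red_flags(SAMPLE))
```

An empty result does not prove a message is genuine; opening the official site in a new tab, as the list advises, is still the safer step.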

I’m Already a Victim. What Should I Do?

The first thing you should do if you’re already a victim of a scam is to change your account details. Go directly to your Netflix account and change your password before the scammers have a chance to access your account.

Beyond that, report the scam and resulting incident to phishing@netflix.com, the FTC via spam@uce.gov, and the Anti-Phishing Working Group via reportphishing@apwg.org.

Change your email password as well. If you gave away your credit card details, call your credit card provider immediately and report the crime so your credit card can be immediately locked.

How Do I Avoid Being Targeted for the Netflix Scam?

The best way to avoid being targeted for the Netflix scam is to be aware of the red flags as stated above.

Keep your personal and financial information secure and don't give this information out to just anyone. Change your passwords every three months and use strong passwords. Only give your email address to trusted sources, too. If you learn your email address has been compromised in any way, set up a new one.