Netflix subscribers have reported receiving emails that claim their membership must be re-validated and sensitive information should be provided in order to do so.
According to USA Today, the email instructs subscribers to enter billing information, like credit card numbers, on the Netflix website via a link that takes them to their account on the site’s page -- but the link doesn’t actually go to a real Netflix web page. Instead, internet users are directed to a fraudulent site.
The email, which warns subscribers of potential account suspension in bold letters, reads: “We were unable to validate your billing information for the next billing cycle of your subscription therefore we’ll suspend your membership if we do not receive a response from you in 48 hours.”
This isn’t the first time Netflix customers have been targeted by scammers.
“Unfortunately, these scams are common on the internet and target popular brands, such as Netflix and other companies, with large customer bases to lure users into giving out personal information,” a Netflix official said in a statement to WIRED.
Netflix’s website encourages customers to hover their computer cursors over a link to see the website’s URL. Oftentimes, a URL can determine a webpage’s sponsor.
“If you’re unsure about a link in an email, you can always hover your cursor over the link to see where it directs in which you can see the real linked web address at the bottom of most browsers,” the Netflix website reads.
Netflix officials say the company does not ask for any personal information to be sent to over email, including account passwords, Social Security numbers or credit/debit card information.
WIRED suggests taking these steps to find out more about a sender if you’re suspicious of an email:
To confirm who really sent an email, click on the downward arrow next to the sender's name in Gmail. It'll expand to show the full info. Hover over any links to confirm that they lead to the URLs they claim. Make account changes by navigating, on your own, to a site itself, and log in there instead of going through an email link. Don't reuse passwords.