Netflix warning: Phishing scams increase, how to spot them

With over 192 million users around the world, Netflix is without a doubt one of the most popular film and TV streaming platforms.

But if you use Netflix, a new report may ring alarm bells for you.

Researchers from Webroot have warned of a huge surge in Netflix phishing scams, with attempts increasing by a whopping 646 per cent over lockdown.

Kelvin Murray, senior threat researcher at Webroot, said: “Phishing tactics evolve and shift with the news agenda.

“In the past we’ve seen fake stories about Conor McGregor and Elon Musk driving click-through to malicious Twitter links, and now we’re seeing a huge rise in tactics related to Netflix.

“The fact that the streaming service has grown in popularity over the same lockdown time frame is not a coincidence.”

Worryingly, the researchers found that hackers aren’t just targeting Netflix users, but also YouTube users, Twitch users and those who watch HBO.

Phishing is a tactic used by attackers to steal sensitive information, including your usernames, passwords and credit card details.

It comes in a range of forms, including fake links, fake emails, and fake warnings of account deactivation.

Mr Murray added: “To defend against these kinds of attacks, individuals should undertake security awareness training and remain vigilant in scrutinising the types of emails they receive. This should also be underpinned by cybersecurity technology such as email filtering, anti-virus protection, and strong password policies."

How to spot a phishing scam

According to Action Fraud, phishing scams often display some of the following characteristics: 

- The sender’s email address doesn’t tally with the trusted organisation’s website address.

- The email is sent from a completely different address or a free web mail address.

- The email does not use your proper name, but uses a non-specific greeting like “dear customer”.

- A sense of urgency; for example the threat that unless you act immediately your account may be closed.

- A prominent website link. These can be forged or seem very similar to the proper address, but even a single character’s difference means a different website.

- A request for personal information such as user name, password or bank details.

- The email contains spelling and grammatical errors.

- You weren't expecting to get an email from the company that appears to have sent it.

- The entire text of the email is contained within an image rather than the usual text format.

- The image contains an embedded hyperlink to a bogus site

What to do if you receive a phishing email

If you receive an email that claims to be from Netflix, that you think is fake, don’t click any of the links or open any of the attachments.

Instead, forward the email to [email protected], and then delete it immediately.