Netflix Customers Are Being Targeted In New Scam, Here's What Police Are Warning You Not To Do

by Kristin Danley 2/12/2017

Millions of people love to kick back on the weekend and pull up their favorite show on Netflix. But there's a scam circulating now designed to steal Netflix members' personal information. If you or anyone you know has Netflix, it's important to be aware of this!

According to FireEye Labs, there is a phishing campaign crafted to lure Netflix users into unknowingly giving up their credit card data and other pertinent information, such as name and address. The Aroostook County Sheriff's Department issued a warning to county residents on its Facebook page advising people to be aware of the phishing campaign. The scam is even asking for people's social security numbers.

netflix5

Instagram/jr_rocha77

Netflix members who have been targeted say the requests look legitimate. That's because, according to FireEye Labs, the phishing pages were indeed hosted on legitimate web servers. However, the web servers were compromised and the information gathered on those phishing pages are now accessible by the criminals.

Netflix members would have received an email notification that appeared to be sent by Netflix requesting membership information. The phishing link in the email redirects Netflix members to a page that copies a Netflix login page. It has fooled many Netflix users so far.

netflix

Twitter/Threatpost

The phishing link in the email then redirects Netflix members to another page that copies a Netflix login page. People then are prompted to enter their login credentials. Then they advance to another page where they enter credit card or banking account information and personal information contained in their membership details.

The Aroostook County Sheriff's Department warned:

"If you are a Netflix customer and you receive an email asking you to update your membership information, don't respond!"

Netflix offered its members several tips to keep their accounts secure from fraudulent activity like the current phishing campaign. The company says to change passwords often and not to use the same password for Netflix as is used for other accounts. Passwords should be at least eight characters long and contain a mix of uppercase and lowercase letters, numbers and symbols.

Passwords also should not include a word in the dictionary, a name or personal information such as important dates. Netflix informed its members on its website that there are active phishing campaigns and they need to be diligent in protecting their personal information.

"Phishers will go to great lengths to try to hijack your account or steal your personal information. They may create fake websites that look like Netflix, or send official-looking (but fake) emails asking you for personal information. Netflix will never ask for any personal information to be sent to us over email."

Netflix said on its website that it would never ask for payment information, an account password or social security number from any of its members, which is what is happening with the current phishing campaign. The company also requested that members contact the company to report any suspicious activity. How scary!

Sources: Netflix, FireEye, Facebook/Aroostook County Sheriff's Department FB Image Credit: Facebook/Aroostook County Sheriff's Department, Flickr/Esther Vargas