By Richard Arneson
If you’re like most people, you may have used the holiday break for something to augment all of the shopping, eating, getting together with family and friends, eating, sleeping in late, and eating. While you binged on food, there’s a greater than average chance you binged on something else―a show, or shows, that you’ve wanted to see for some time. And there’s no better medium on which to binge-watch than Netflix. But the Federal Trade Commission (FTC) wants you to know that if you have a Netflix account, you better watch out. They’re not talking about Santa. No, they’ve issued a phishing alert.
One (1) month ago, police in Ohio took a screenshot of the Netflix phishing scam and alerted the FTC, which issued its warning thirty (30) days later, on December 26th. The FTC was a little behind the curve, though―the UK’s Action Fraud service issued a similar warning a few months back.
Here’s how it works
The Netflix phishing scam is your basic, garden-variety attempt to access customer accounts to garner sensitive info, such as, naturally, credit card information. And they’re hoping to find Netflix customers who have committed the cardinal sin of logging on—using the same user name and password for other accounts. Yes, the thought of keeping up with unique logins and passwords for the dozens of sites you frequent sounds daunting, but there are some great products on the market that will help you manage them and keep you safe.
The Netflix phishing targets receive an email that, of course, appears to have been sent by Netflix. They claim that your Netflix account has been put on hold, which means you won’t be able to access the 9th season of The Walking Dead. They’re hoping fans will perform a panic-click on the link to re-enter information that will unlock Rick Grimes’ final episodes. The message declares that Netflix is “having trouble with your current billing information” and it needs to be re-entered (Tip: when you see the word “billing”, please be careful.).
The Netflix phishing screenshot below is unlike many others because it looks fairly good. There are no horribly misspelled words, misplaced punctuation marks, or grammar suggesting the writer is totally unfamiliar with the English language. Yes, the “Dear” salutation is pretty weird, but it might slip past an undiscerning reader.
If you receive a Netflix phishing email, you can report it to the FTC at ftc.gov/complaint. And it’s a good idea to forward the email to Netflix at firstname.lastname@example.org.
Here are some Quick Tips on how to protect yourself against Phishing Scams
- Utilize an anti-virus product that can detect fraudulent and malicious websites, or what they may refer to as anti-phishing technology in their marketing materials.
- Type in the URL of the retailer’s website. This will ensure you’re heading to the right place. I know, it’s easier to click on the link, but typing it in will only cost you a few additional seconds.
- If you’re ever questioning a site’s authenticity, type in a fake password. If it’s accepted, trouble’s lurking—they’ll accept anything for the password. Close it out and delete your browsing history.
- Also, regularly inspect your credit card and bank statements. It’s not fun reading, or an activity you’ll look forward to, but careful inspection is one (1) of the best medicines.
- When you see all CAPS in the subject line, you’ve probably received a phishing email. Why scammers like ALL CAPS is unclear, but it’s a common practice.
- Check that the e-commerce site you’re visiting begins with https://, not http://. The S is for Secure, meaning all communications between you and the website are encrypted.
- Look for misspelled words or really, really poor grammar. You won’t need an English degree to spot it—it’ll dramatically stand out.
- If you’ve entered a site and the images are of poor quality or low resolution, you’re probably on a fraudulent site. You won’t see butchered images on the websites of reputable retailers.
- Hover your mouse over links embedded anywhere in the email. If the link address looks odd and/or doesn’t represent the proper company, don’t click on it.
To find out how to secure your organization’s network and mission critical data, contact GDT’s tenured and talented engineers and security analysts at SOC@GDT.com. From their Security and Network Operations Centers, they manage, monitor and protect the networks of companies of all sizes, including those for some of the most notable enterprises, service providers, healthcare organizations and government agencies in the world. They’d love to hear from you.