Netflix users have a lot to like when it comes to the Netflix website. Whether it's just the DVDs in the mail, just the streaming video, or both at once, there are plenty of great things waiting to be watched. But there's a new development that promises to be worse than even the worst title on the site: a new email-based scam that's out to get its hands on valuable personal information.
Commonly known as a phishing scam (the operators go “fishing” for personal data by tossing emails in multiple directions), it starts with a message in a user's email inbox claiming to be from Netflix and asking the user to proceed to a certain webpage to “update” information; a link to that page is generally, and conveniently, included in the email itself. But this particular breed of phishing scam has somewhat better bait than the ordinary, and that makes this one something to watch out for.
What's giving this page its extra punch? For one, it offers up better graphics, making it look almost like a professionally designed site, and certainly a site of much better quality than the usual phishing site. But even more insidious is that these ‘phishers’ registered a domain name specifically for the phishing scam, reportedly netflix-ssl.net. Normally, an easy way to spot a potential scam is the link itself, which goes to some preposterous combination of words that seemingly has nothing to do with the account in question. But here, some viewers may see “Netflix” in the link and think the mail is authentic. It would be particularly bad for mobile users, who may not see the entire address and only see “Netflix.”
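The check that the eye skips on a small screen can be done mechanically: a link is genuine only if its host is the real domain or a subdomain of it, not merely if the brand name appears somewhere in it. The following is an added example, not code from Netflix or from the reported scam; it assumes netflix.com is the only trusted domain, and every sample link except netflix-ssl.net is constructed.

```python
from urllib.parse import urlsplit

# Assumption for this sketch: netflix.com is the only domain treated as genuine.
TRUSTED_DOMAINS = {"netflix.com"}
BRAND = "netflix"


def classify_link(url):
    """Classify an email link as 'trusted', 'lookalike' or 'unrelated'."""
    if "://" not in url:
        url = "http://" + url  # a bare "host/path" link would parse as a path
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return "unrelated"
    # Genuine only if the host IS a trusted domain or a subdomain of one.
    for domain in TRUSTED_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "trusted"
    # The brand anywhere else in the authority part (the host or a "user@"
    # prefix) is the bait: the link shows "netflix" but leads elsewhere.
    if BRAND in parts.netloc.lower():
        return "lookalike"
    return "unrelated"


# Constructed sample links; only netflix-ssl.net comes from the article.
SAMPLE_LINKS = [
    "https://www.netflix.com/YourAccount",
    "http://netflix-ssl.net/update",
    "https://netflix.com.account-check.example/login",
    "https://netflix.com@login.example/",
    "NETFLIX-SSL.NET/update",
    "https://mail.example/newsletter",
]


def audit(links):
    """Map each link to its verdict."""
    return {link: classify_link(link) for link in links}


if __name__ == "__main__":
    for link, verdict in audit(SAMPLE_LINKS).items():
        print(f"{verdict:10} {link}")
```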
There are other giveaways, of course; actual corporate communications are usually very well-edited, and presented with a minimum of spelling mistakes, grammar issues and the like. So seeing an email that contains these is a fair sign that the company didn't actually send it. But it's a good idea to be suspicious of email from companies in general, especially those the user actually deals with; many companies have internal messaging systems, like My eBay, where more reliable messages can be had. Look for an urgent tone to the message too, which may be there to spur users to action, and keep antivirus systems up to date; most modern browsers also include some anti-phishing technology, but there's often a lag between new phishing measures and their recognition by that technology.
It's difficult to stay out in front of phishing scams. By the time one is recognized and caught, another is likely ready and waiting in the wings. There could be several others waiting behind that one to boot, and keeping all of them straight can be tough. Thankfully, most of these don't demonstrate the same level of technical proficiency that this Netflix scam did. But for the vigilant, most phishing scams will likely never actually impact the user, and this one is no different. Simply not answering will prove to be protection enough, and it's nice when doing nothing is actually the best defense.
Edited by Maurice Nagle