Since the COVID-19 pandemic began, you’ve grown addicted to Netflix. Social-distancing restrictions, few places to hang out with friends, quarantine-induced lolling around—we get it.
But don’t let your Floor Is Lava addiction make you act in haste. That email you received, asking you to update your billing information, is bogus.
The subject line is designed to make you panic, like “Account on hold—invoice confirmation” or “Update subscriptions payment—we have terminated your account premium membership,” and the body of the email includes the chunky, red Netflix lettering. A similar warning might be sent via text.
These phishing messages are designed to trick you into typing in your payment information, which lets crooks get your financial details faster than you can say, “I didn’t take one bathroom break during The Last Dance.”
Bottom line: Don’t click on the links or open the attachments.
People lost an estimated $57 million as a result of phishing last year, according to the FBI’s Internet Crime Complaint Center.
This Netflix scam isn’t new, but sheltering-in-place and other societal restrictions may have upped people’s Netflix-and-chill quotient so much that they become too chill about data theft, especially when they—erroneously—fear their membership is nixed.
“We take the safety and privacy of our members’ accounts very seriously,” a Netflix spokesperson tells Fast Company in an e-mail. “If a member falls victim to a scam asking for personal information that we would never request, we ask that they reach out to us so we can protect their account, which includes monitoring and flagging any suspicious activity among other measures used by our security team.”
Phishing scams come from gibberish-y email addresses and may include generic greetings, the Federal Trade Commission warns. To protect yourself, consider installing security software on your computers and other devices, keep your cellphone software up-to-date, and use multifactor authentication to log into accounts.
As it happens, the FTC’s webpage about identifying and avoiding phishing scams includes a fake Netflix email as an example.
Should you receive a phishing message, Netflix advises you to update your password and make it stronger and unique to Netflix, plus change your passwords on other websites where you use the same email and password combination. If you didn’t recognize you were being conned and typed in your financial details, alert your bank or payment card company.
Netflix’s website points out that the company never asks for personal information—such as credit or debit card numbers, bank account details, or Netflix passwords—via emails or texts, plus it doesn’t demand payment through third parties.
The Los Gatos, California-based company has more than 190 million subscribers worldwide, according to the its second-quarter earnings released Thursday.