Massive Netflix scam is stealing account and credit card info from users in 23 countries


Bitdefender reports that an SMS phishing campaign has targeted Netflix users in 23 countries in an attempt to steal login credentials, personal information and even credit card information.

In a new blog post, the cybersecurity firm details how this scare campaign, which may have begun back in September, relies on a popular method: tricking customers into thinking that they haven’t paid for their subscription and that their account will soon be suspended.

The SMS messages sent out to potential victims provide them with a link to click and authenticate their account. They're also prompted to update their credit card information in order to keep their account current. As you may have guessed, these sensitive login and financial details aren't going to Netflix. Instead, they will be re-packaged and sold on the dark web. This way, the scammers behind the campaign get paid while the hackers buying this data have a wealth of new credentials and credit card details to use in future attacks.

This particular SMS phishing campaign appears to have spread to 23 countries including the United States, Germany, Spain, Australia, Greece and Portugal. While the link appears authentic at first glance because it looks official and uses Netflix’s name, some who receive it will be savvy enough to avoid clicking through. However, because there is a sense of urgency created by the potential of losing access to a Netflix account, less knowledgeable users may click the link and enter their information.

How to stay safe from SMS phishing scams


It’s important to know that Netflix does not contact customers via text messages, and most companies don't either. While Netflix doesn't offer 2-factor authentication for additional security, there are other ways you can protect yourself and your account.

First, make sure that you have a security solution, like one of the best antivirus software suites or one of the best Android antivirus apps, set up on your devices to protect against malware and malicious threats.

From there, never open links from unknown or unexpected senders. When in doubt, don’t follow a link but manually visit a website by typing its address into your browser's search bar. That way, you can verify your account information and see if the text you received is real or not without having to click on any suspicious links along the way. If you have visited a shady site though, make sure to change your password and cancel your credit card if you happened to make a purchase there.

Hackers and scammers love to impersonate Apple, Microsoft and all of the other top tech brands, so it's not surprising they've started using Netflix as a lure in their attacks, especially ahead of the holidays. It's up to you to check every email, text and even message on social media you receive with a careful eye to avoid falling victim to a scam like this. However, if you keep your wits about you and avoid clicking on suspicious links, you and your Netflix account will be safe.


Amber Bouman
Senior Editor Security

Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps.