Massive Netflix scam is stealing account and credit card info from users in 23 countries

News
By
published

SMS messages are being used in a widespread phishing scare campaign

Netflix logo on a TV screen with a remote pointing at it
(Image credit: Shutterstock)

Bitdefender reports that an SMS phishing campaign has targeted Netflix users in 23 countries in an attempt to steal login credentials, personal information and even credit card information.

In a new blog post, the cybersecurity firm details how this scare campaign, which may have begun back in September, is a popular method that's often used to trick customers into thinking that they haven’t paid for their subscription and that their account will soon be suspended.

The SMS message sent out to potential victims provide them with a link to click and authenticate their account. They're also prompted to update their credit card information in order to keep their account current. As you may have guessed, these sensitive login and financial details aren't going to Netflix. Instead, they will be re-packaged and sold on the dark web. This way, the scammers behind the campaign get paid while the hackers buying this data have a wealth of new credentials and credit card details to use in future attacks.

This particular SMS phishing campaign appears to have spread to 23 countries including the United States, Germany, Spain, Australia, Greece and Portugal. While the link appears authentic at first glance because it looks official and uses Netflix’s name, some who receive it will be savvy enough to avoid clicking through. However, because there is a sense of urgency created by the potential of losing access to a Netflix account, less knowledgeable users may click the link and enter in their information.

How to stay safe from SMS phishing scams

A woman looking at a smartphone while using a laptop

(Image credit: Shutterstock)

It’s important to know that Netflix does not contact customers via text messages and most companies don't. While it doesn't offer 2-factor authentication for additional security there are other ways you can protect yourself and your account.

First make sure that you have a security solution, like one of the best antivirus software suites or one of the best Android antivirus apps, set up on your devices to protect against malware and malicious threats.

From there, you never want to open links from unknown senders as well as from unexpected senders too. When in doubt, don’t follow a link but manually visit a website by typing its address into your browser's search bar. That way, you can verify your account information and see if the text you received is real or not without having to click on any suspicious links along the way. If you have visited a shady site though, make sure to change your password and cancel your credit card if you happened to make a purchase there.

Hackers and scammers love to impersonate Apple, Microsoft and all of the other top tech brands, so it's not surprising they've started using Netflix as a lure in their attacks, especially ahead of the holidays. It's up to you to check every email, text and even message on social media you receive with a careful eye to avoid falling victim to a scam like this. However, if you keep your wits about you and avoid clicking on suspicious links, you and your Netflix account will be safe.

More from Tom's Guide

See more Computing News
Amber Bouman
Amber Bouman
Senior Editor Security

Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps. 

Read more
A picture showing different credit cards stacked on top of each other on a table
5 million Americans just had their credit card details leaked online — what to do now
A hacker typing on a computer
FBI issues serious warning to iPhone and Android users — stop doing this ASAP
PayPal logo on iPhone
Watch out! Scammers are using this PayPal setting to take over your PC
A person typing on a computer while hackers use phishing to steal a file from their computer
Phishing: What is it, and how to avoid it
A hacker typing quickly on a keyboard
Hackers are posing as Apple and Google to infect Macs with malware — don’t fall for these fake browser updates
iPhone 15 Pro Max shown in hand
iMessage under attack from scammers sending phishing messages — don’t fall for it
Latest in Online Security
Android 12
Google March Android Security Update fixes two high severity vulnerabilities — update now
An Android bot next to an Android TV remote
Millions of Android TVs hijacked in massive botnet — how to see if yours is at risk
Poster of Elon Musk saying "I am stealing from you"
Elon Musk's DOGE blocked from accessing your data – and 3 in 4 Americans agree
A fake text message on a smartphone being held by both hands.
Toll road scams are worse than ever — what to look for and how to stay safe
A phone with Google Search open on screen
Google just made it easier to remove your personal info from search results — here's how to do it
Eight Sleep Pod 4 Ultra with head raised in beige bedroom
Eight Sleep smart beds reportedly have a secret backdoor that can be accessed remotely — everything you need to know
Latest in News
NYTimes Connections
NYT Connections today hints and answers — Wednesday, March 5 (#633)
The new Gemini app home page vs the old
Forget ChatGPT — Google Gemini can now see the world with live video and screen-sharing
MacBook Air 15-inch M3
MacBook Air M4 biggest upgrades just tipped right before launch
James Marsden and Sterling K. Brown in Paradise
'Paradise' season finale ending explained — who killed President Bradford?
Android 12
Google March Android Security Update fixes two high severity vulnerabilities — update now
Kieran Culkin as Benjamin "Benji" Kaplan in "A Real Pain"
Hulu top 10 movies — here's the 3 worth watching now
More about online security
Android 12

Google March Android Security Update fixes two high severity vulnerabilities — update now
Poster of Elon Musk saying "I am stealing from you"

Elon Musk's DOGE blocked from accessing your data – and 3 in 4 Americans agree
NYTimes Connections

NYT Connections today hints and answers — Wednesday, March 5 (#633)
See more latest
Most Popular
NYTimes Connections
NYT Connections today hints and answers — Wednesday, March 5 (#633)
NYT Strands on a cellphone
NYT Strands today — hints, spangram and answers for game #367 (Wednesday, March 5 2025)
The new Gemini app home page vs the old
Forget ChatGPT — Google Gemini can now see the world with live video and screen-sharing
Samsung Galaxy Ring
Hot or not? Better temperature tracking could be coming to future Galaxy Rings based on patent
MacBook Air 15-inch M3
MacBook Air M4 biggest upgrades just tipped right before launch
James Marsden and Sterling K. Brown in Paradise
'Paradise' season finale ending explained — who killed President Bradford?
The 2025 contestants wait on the start line as host Phil Keoghan prepares to start "The Amazing Race" season 37
How to watch ‘The Amazing Race' season 37 online – stream return of epic reality competition
Pixel Studio showing people illustration
Pixel Studio can finally generate people — and that's not the only change Google is bringing to Pixel phones
Android 12
Google March Android Security Update fixes two high severity vulnerabilities — update now
Kieran Culkin as Benjamin "Benji" Kaplan in "A Real Pain"
Hulu top 10 movies — here's the 3 worth watching now