There are just so many scams and vulnerabilities out there that it’s almost tempting to just stay off the internet completely. You hear of so many stories of people falling victim to phishing emails and other scams that it seems there’s no way to avoid being a victim yourself.
Well, I’m here to tell you that you can avoid being a victim, and I’m going to show you how and what to look for. I’m going to look specifically at a Netflix phishing email scam and show you how to tell that it’s not a legitimate email from Netflix, along with other clues and indicators to look for. Without further ado, let’s jump into what a typical Netflix phishing email looks like.
A Netflix Phishing Email
When you start going through your email, looking to see what’s important or worth reading and trashing or deleting what turns out to be a lot of junk mail, you might come across an email heading that will grab your attention by saying something such as this: “ΝetfIỉх LLC МоnthƖу ऽuƅѕᴄгỉрtỉοn’ рауmеnt աаѕ unѕuсеѕѕfuƖƖ“.
You’ll probably end up clicking on the email like I did and could be alarmed when you read the full message that might say something along the lines of your subscription being on hold because of payment not being received. If after reading that email you decide you want to click the links or buttons that say Retry Payment or New Payment Method, DON’T DO IT!
I want you to pay close attention to the email heading I posted above. Look closely at the font and the spelling of some words. Notice something seems a bit off about it? Read on and I’ll explain more about it, but you can also check out the picture of the entire email itself so you have an idea of what they tend to look like should you receive one yourself.
Spelling and Grammatical Errors
A big clue that an email supposedly from a legitimate service is a fake will be spelling errors in both the heading of the email and in the body of the email. As you can see from the headline above, there is a word that is misspelled. I’m sure you probably figured out that the word is unsuccessful, which of course is supposed to be spelled with one l instead of two.
I also said to pay attention to the font of the headline as well, and you can tell it looks a little bit odd. Why would a legitimate service write an attention-getting headline with weird characters and a strange font? Also, a legitimate business generally will not put LLC after its main name.
Now let’s take a look at the body of the email and see if there are any other spelling errors. “We’re currently having a trouble with your Monthly Subscription (firstname.lastname@example.org) payment. WouId you like to retry your card or update your payment information?“
Notice the email doesn’t look grammatically correct? “We’re currently having a trouble with your Monthly Subscription“. Having a trouble is definitely not grammatically correct and then why would they capitalize Monthly Subscription? Those should be HUGE red flags letting you know that it is not a legitimate email from Netflix.
Another thing to look at is that they don’t use my first and last name at all. They instead use my email address to address me and anyone can find or obtain that email. A legitimate company would address you by your name. Take a look at the end of the email as well. “-Your show, Netflix“. Why would they call themselves, your show? Sometimes a legitimate email from a company would have the name of the representative who created the email. Regardless, you can see that’s also another red flag and next we’re going to take a look at another big one.
The Email Address
When you receive an email from a person or company, you can usually see the email address it was sent from. It’s near the top of the email. A legitimate email from Netflix will have @netflix.com as part of their email address, but if you look closely, you’ll see that the email address it originated from has nothing even close to pertaining to Netflix. “email@example.com“.
It may say that it’s from the Netflix Team right next to the email address field, but you can tell the email address itself has nothing to do with Netflix.
The first thing you should do if you suspect an email is a phishing email is to check the email address since it’s pretty much at the top. This will definitely be your first clue to see if it’s legitimate or not. Then you can go through the rest of the email and check for the other red flags that I talked about.
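The two header checks described so far (a subject whose words mix look-alike letters from different alphabets, and a sender name that says Netflix while the address is not at netflix.com) can be sketched in Python. This is an added example, not part of the original post: the function names and the sender address are made up for illustration, the subject is the one quoted above, and treating subdomains of netflix.com as acceptable is an assumption.

```python
import unicodedata
from email.utils import parseaddr

# Subject quoted in this article; the sender address below is constructed.
SUBJECT = "ΝetfIỉх LLC МоnthƖу ऽuƅѕᴄгỉрtỉοn’ рауmеnt աаѕ unѕuсеѕѕfuƖƖ"
FROM = "Netflix Team <billing@mailer.example>"


def mixed_script_words(text):
    """Return (word, scripts) for each word whose letters span several scripts.

    The script is approximated by the first word of the Unicode character
    name (LATIN, CYRILLIC, GREEK, ...). Checking word by word keeps an honest
    bilingual subject from being flagged.
    """
    flagged = []
    for word in text.split():
        scripts = {unicodedata.name(c, "UNKNOWN").split()[0]
                   for c in word if c.isalpha()}
        if len(scripts) > 1:
            flagged.append((word, sorted(scripts)))
    return flagged


def sender_mismatch(from_header, brand="netflix", domain="netflix.com"):
    """True when the display name uses the brand but the address is elsewhere."""
    display, addr = parseaddr(from_header)
    host = addr.rpartition("@")[2].lower().rstrip(".")
    # Exact domain or a real subdomain (assumption); "notnetflix.com" fails.
    on_domain = host == domain or host.endswith("." + domain)
    return brand in display.casefold() and not on_domain


if __name__ == "__main__":
    for word, scripts in mixed_script_words(SUBJECT):
        print(f"{word!r} mixes {', '.join(scripts)}")
    print("sender mismatch:", sender_mismatch(FROM))
```

A passing sender check does not prove an email is genuine, because the From line can be forged; it only catches the mismatch described here.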
There’s one last thing I want to look at that is another red flag as well. This one can be a little trickier to spot, but I will show you what to look for and how to tell if it’s legitimate or not.
Customer Service Number
At the bottom of this email, you’ll notice a black rectangular box with some additional information in it. One of the things it says is “Got Questions? Call 1-539-992-5089“. This might look like a legitimate number for Netflix customer service, but I guarantee you it’s not.
In fact, you don’t know who really is on the other end, but more than likely it is a scammer trying to get information from you which could lead to identity theft or your bank account being drained. As scary as that sounds, it’s important to think about these consequences because they happen to so many people every day.
How can you find the real number for Netflix customer service? Just do a simple Google search and it will reveal the correct number or a series of toll-free numbers to contact the company. You can even try typing in that false phone number and see if there is anything on Google related to it being a scam number.
Now you know the Anatomy of a Phishing Email
Well, we’ve taken a look at what constitutes a phishing email, especially a Netflix phishing email. We looked at everything from the email address it came from, the headline of the email and the strange looking font and spelling errors, saw that the email failed to address me by my actual name, and we’ve seen that the phone number provided for customer service is not an actual Netflix customer service number.
I cannot stress enough how important it is not to click on any of the links in that email because it will more than likely take you to a fraudulent site that could be loaded with malware and will try to get you to put in your real credentials and possibly debit card or other banking information.
If you do any of that, there’s a good chance someone will gain access to your real Netflix account and your banking information and begin draining your account. If you suspect that’s happened to you, you need to call your financial institution immediately and let them know what has happened so that they can take immediate action.
I nearly fell for a phishing email about 5 years ago as it appeared to be a legitimate email from Discover, but after I clicked the link and went to a website that was nearly identical to the real Discover site, I started putting in my login information when I noticed a few things looked off on the site and some spelling errors. I immediately closed the site and ran my virus scanner to make sure nothing malicious was installed on my computer.
Netflix isn’t the only company targeted with phishing emails and I’ll be sure to share other ones in the future so definitely check back.