If you get an email from Netflix telling you that your account is suspended due to a problem validating your credit card, don’t believe it. It’s almost certainly a sophisticated phishing scam that first made its appearance early this year and has since gone out to tens of millions of people. And it appears to be working: Wired reports that the cybercriminals behind the scam have continued to send it out with almost no alterations, a likely sign that it’s proving effective as a way to fool people into revealing their Netflix username and password, and even credit card numbers, home address, and date of birth. The miscreants can sell all this useful data on the dark web.
This phishing scheme is good enough to fool even very sophisticated users–it’s a genuine work of art as phishing goes. For instance, Netflix always advises users that “Netflix will never ask for any personal information to be sent to us over email.” That may be a great safety tip but it won’t help you here because this scheme doesn’t do that. Instead, it asks users to click on an official-looking link to “Restart your membership.”