If you’ve checked your email any time recently, you’ve probably seen a plethora of junk messages relating to COVID-19, your bank and bills in need of attention. If you haven’t already guessed, most of these are spam and scams, but why are so many of these obvious traps slipping through our filters so easily?
The answer is complicated, but it has to do with the fact that more people are online than ever these days. Between coronavirus lockdowns and the shuttering of mass gatherings and entertainment, the online population is far larger and riper for exploitation by hackers.
To make matters worse, a new scam is circulating that poses a unique danger to your bank accounts. This phishing email looks like a real message from Netflix describing a billing error with your account. But if you make the mistake of filling out the form it links you to, your entire bank account can be drained. Here’s how you can spot it.
Ignore this deceptive Netflix email
Netflix is urging subscribers to avoid opening a phishing email that claims to come directly from the company. If it appears in your inbox, interacting with the message can give the hackers behind it access to your bank account — and potentially other personal data as well.
Here’s how it works: The email arrives with an urgent alert that there has been an error processing your monthly Netflix payment. In the text, you’re prompted to click a link to update your payment and account information.
Clicking the link takes you to what appears to be Netflix’s website, but filling in your payment details and account information results in your card information, email and password being harvested by scammers.
But that’s not the only danger surrounding this scam. Many incarnations of the email include what appears to be a text file as an attachment. Downloading this attachment can potentially result in ransomware or other malware being installed on your computer on top of the phishing issue. It’s a double-whammy of scam in one message!
But as bad as this scam is, it’s actually quite easy to detect and avoid — even if you’ve accidentally ventured deeply into the scam site.
How can I spot the scam?
As with nearly every phishing email claiming to come from an official source, the easiest telltale sign to look for is the sender field of the email itself.
In this copy obtained by Tech.co, you can see the sender domain isn’t from Netflix at all. Instead, it’s a complex string of characters and numbers from a site called ngedownloads1.onmicrosoft. We don’t recommend visiting this domain if you value the safety of your computer and data.
But that’s not the only suspicious thing about the message. The email itself doesn’t even address you, a subscriber, by name like all normal Netflix emails do. Instead, it’s generalized, which indicates it was probably sent to hundreds of thousands of people in a mass email blast. The “Your friend at netflix” signoff (in lowercase, no less) doesn’t do the message any favors, either.
Tech.co even explored the link just to see what happened if you visited the scam site. To nobody’s surprise, it’s filled with poor design and spelling errors. Most importantly, it looks nothing like Netflix at all!
Once again, we don’t recommend visiting this website for security reasons.
Beyond this obvious phishing scam, here are some easy steps you can take to stay safe in case you run into more realistic fake emails down the road:
- Don’t open emails if you’re not familiar with the sender. If you don’t open a phishing email, you can’t get phished.
- Avoid downloading attachments unless you’re 100% sure of what they are, why they were sent and who sent them. If an email with an attachment arrives from a trusted contact, make sure they actually sent it by calling or messaging them. Their account may be part of a botnet, for all you know.
- Always check the sender field for a genuine email domain. If the domain doesn’t match the official website of the “sender,” it’s a fake.
- Don’t click links in emails you’re unsure about. Just like with attachments, verify with the sender that they actually sent it and that they know where it goes.
- Check the URL of any site you visit to make sure it accurately matches any official websites. It’s not just emails that masquerade as different entities, after all.
- If an email asks for personally identifying information or login credentials, just ignore it. Netflix, to its credit, notes that it never asks for this information. The same can be said for almost every major company or platform out there.
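For readers who filter mail for others, the warning signs described above (a sender domain that isn't Netflix's, no greeting by name, an unexpected attachment) can be checked automatically. The sketch below is an added example, not code from Netflix or Tech.co; the sample messages, the `billing-update.example` domain and the subscriber name "Dana" are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

OFFICIAL_DOMAINS = {"netflix.com"}  # assumption: domains genuine mail comes from
BRAND = "netflix"

def domain_matches(domain, official=OFFICIAL_DOMAINS):
    """True only for an official domain or a real subdomain of one."""
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in official)

def phishing_indicators(raw, subscriber_name):
    """Return the warning signs from the article found in a raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"] or ""))
    findings = []
    # Display name claims the brand but the address domain is someone else's.
    if BRAND in display.lower() and not domain_matches(addr.rpartition("@")[2]):
        findings.append("sender-domain-mismatch")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    # Bulk mail cannot greet the subscriber by name.
    if subscriber_name.lower() not in text.lower():
        findings.append("generic-greeting")
    if next(msg.iter_attachments(), None) is not None:
        findings.append("has-attachment")
    return findings

def sample(sender, body, attach=False):
    """Build a constructed test message (not a real captured email)."""
    m = EmailMessage()
    m["From"], m["Subject"] = sender, "Payment problem"
    m.set_content(body)
    if attach:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename="invoice.txt")
    return m.as_string()

FAKE = sample("Netflix <alerts@billing-update.example>",
              "Hi Dear, update your payment details.\nYour friend at netflix",
              attach=True)
REAL = sample("Netflix <info@account.netflix.com>", "Hi Dana, your receipt.")

if __name__ == "__main__":
    print(phishing_indicators(FAKE, "Dana"))
    print(phishing_indicators(REAL, "Dana"))
```

A matching sender domain is necessary but not sufficient, since the From header can be forged; mail filters also rely on SPF, DKIM and DMARC results.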
Unfortunately, it doesn’t seem scammers of the world will stop their annoying tactics any time soon. But with enough foresight and knowledge, you don’t even have to worry about becoming their next victim. A sharp eye is all it takes to stay safe.