Skip to main content

Netflix scammers stealing credit card info — protect yourself now

Tiger King on Netflix
(Image credit: Netflix)

Netflix is such an on-demand part of our lives that it's understandable that we'd always want our accounts working and ready when the need to stream strikes. That's why a new series of convincing-looking attacks on Netflix users seems quite likely to steal your credit-card information.

This concerning news comes to us from the security firm Armorblox, which recently discovered a Netflix phishing attack aiming to pry your billing information away from you. 

The attack starts with an email claiming to be from Netflix Support that claims to have "encountered some problems during [its] monthly verification process of your billing address and payment details" and that it could lead to the user's subscription being "suspended in 24 hours if you fail to update your information promptly."

With that time frame thrown down, recipients may will feel a bit of a panic and want to get this measure resolved. That makes it more likely that they'll click on text that says "Click Here To Update your information." Unfortunately, though, this just sends them to a fake Netflix website where data is to be scrounged.

How to avoid this Netflix scam

First of all, the best advice we have is to be suspicious and wary of links you're emailed randomly. Just like cold calls pretending to be Windows Technical Support, they're often not trustworthy.

Whenever I get any text message or email alert that claims to be from customer service from my bank, a streaming service or anything else, that is asking me to click a link and log in, I skip right past that email or text. 

Instead, I open the actual page of the service in question, and go to my account. If there's something wrong that needs to be fixed, you'll see prompts to fix that there. 

And when you get those texts, look closely at the URLs you've been given to click, preferably by hovering over the link on desktop. A long press to preview in iOS or iPadOS starts to load the page on your device, and that could lead to other headaches.

In this example, the fraudulent Netflix CAPTCHA page's address is "https[:]//wyominghealthfairs[.]com/cpresources/d3835d8b/1/" — which is obviously not affiliated with the king of streaming services. (The Wyoming Health Fairs website was probably not aware that it had been hacked.)

Subsequently, after you fill out the CAPTCHA, you're taken to a page that looks like it could be the official Netflix site, until you see its axxisgeo[.]com address. Again, you know that's not Netflix. Don't trust it.

How this Netflix scam works

Armorblox details that both of the fraudulent web pages were being hosted on legitimate web domains that have their security certificates all taken care of, so your web browser won't put up a worrying alert about the legitimacy of those pages.

The CAPTCHA test to prove that you're human is another effective barrier to detection of these phishing pages, because browsers and antivirus software alike often rely upon computer algorithms to rapidly process suspicious sites.

Oh, and right after you fill out your Netflix billing information? The scammy sites redirect you to the actual Netflix home page, so it all feels like everything is copacetic. 

This kind of scam targets the low-information internet user, unaware of how they might be fleeced next. Be sure to share this teachable lesson with your friends and elderly relatives, to make sure they don't fall prey to the trap.

The AxxisGeo (a Norwegian seafloor-drilling firm) and Wyoming Health Fairs sites have both been scrubbed of these phishing pages. But the crooks behind could easily plant their stakes somewhere else, so make sure to keep your guard up.