Scammers went phishing in the very large pool of Netflix users this week. FireEye, a cybersecurity and malware protection company, discovered the phishing campaign this past Monday.
Phishing (pronounced “fishing”) lures customers with “click here” tactics to get them to provide information.
In this case, scammers sent emails asking Netflix users to update their personal and payment information. After victims did so, they were then redirected to the real Netflix home page without a worry.
Do you know if you were affected?
What You Need to Know If You’re a Netflix User
First things first: Chill.
At this time, the phishing websites are inactive, FireEye reports.
But phishing is incredibly common, says Steve Weisman, professor at Bentley University and author of the fraud and identity theft blog Scamicide.
In fact, U.S. Homeland Security Secretary Jeh Johnson said it’s the biggest threat to our country’s cybersecurity.
And the act is especially common among big-name sites and products such as Netflix, Amazon and Apple, because phishers don’t even have to get their hands on an email list, Weisman says.
Practically everyone uses these services… so why not just take a blind guess?
Phishing comes in the form of emails, texts and even phone calls, seemingly from someone you trust. The phisher tells you that you need to take action, such as updating your account info.
In this recent Netflix incident, victims were told to update their account information. That’s easy enough, and heck, you don’t want to lose access to “Gilmore Girls.”
By supplying their names, dates of birth, addresses and payment information, users gave phishers access to their bank accounts.
4 Ways to Detect Phishing Scams and Reel ’Em In Fast
This ain’t the first phisher, nor will it be the last.
To keep yourself — and your money — safe, Weisman offers these solid tips to keep in your back pocket for any time you receive a request to provide personal information:
1. Check the email address.
Even if the email you receive looks like it’s from Netflix, take a hard look at the address. What email provider has it been sent from? Look behind the @ sign for the extension. Is there something in place of a “.com”?
Take an extra step, and copy and paste the address into Google. See if it directs you to Netflix’s page or if other people are abuzz about a new scam.
2. Read the email.
Hark back to your high school English classes, and check for bad grammar and misspelled words. I’m not so sure phishers have editors.
3. Even if it looks legit, don’t trust the logo.
Weisman describes the look of the recent Netflix phishing photo as “terrific” in that it really did look legitimate.
However, it’s so easy nowadays for hackers to get their nabby hands on a logo using a screen shot and set up a website.
4. Visit the real website.
There, you can check email addresses, find a legitimate phone number to call and read through FAQs.
In fact, Netflix’s help page contains a warning about phishing and advises, “Netflix will never ask for any personal information in an email.” This includes payment information, Social Security and/or tax identification numbers and account passwords.
Netflix also encourages you to report an suspicious emails by forwarding them to firstname.lastname@example.org.
And always follow Weisman’s motto: “Trust me, you can’t trust anyone.”
If It’s Too Late and You’ve Been Affected by a Phishing Scam…
The advice Weisman offers for victims of mobile shopping scams holds true in this case, too.
If a phisher has hooked your bank account, contact your bank or credit card company as soon as possible.
You’ll also want to file a police report, which sounds dramatic, but it might help if you have to dispute the charges at a later date.
Sure, the cops probably aren’t going to catch the hacker, but having that police report on file says, “Yes, this happened, and yes, I was being a responsible human being about it.”
So if someone bought a car in your name and creditors are calling you for money they say you owe, you’ll have that report on hand.
You’ll also want to notify the Federal Trade Commission to file a consumer complaint or report identity theft — and you can do it all from behind your screen.
Your Turn: Have you ever been affected by a phishing scam?
Carson Kohler (@CarsonKohler) is a junior writer at The Penny Hoarder. After recently completing graduate school, she focuses on saving money — and surviving the move back in with her parents.