Net-tricks and chill.
Netflix users have been warned to look out for an insidious, AI-powered email scam that looks nearly indistinguishable from the real deal.
This cybernetic Trojan horse, which was making the rounds over the weekend, reportedly includes the subject line “let’s tackle your payment details,” the Mirror reported. It then informs users that they’re account has been locked and that they need to update their payment info to regain access.
“Your account is on hold,” the advisory reads. “Please update your payment details. We’re having some trouble with your current billing information. We’ll try again, but in the meantime you may want to update your payment details.”
Also included is an official-seeming red button that reads “update account now.”
This correspondence is nearly identical to a legit Netflix message from the branding to the colors and even the links to the platform’s official help page.
Upon clicking on the red button, the user is redirected to an equally convincing-looking Netflix sign-in page, whereupon they’ll be asked for their Netflix username, password, home address, and card details. If these are inputted, the user will have essentially have provided cybercriminals with everything they need to steal their money.
While these malicious messaging campaigns have been around since the dawn of email, “AI technology has now enabled criminal gangs to generate phishing campaigns at speed and to more email addresses than ever,” warned Jake Moore, Global Cybersecurity Advisor at cybersecurity firm ESET, per the Daily Mail.
“Cybercriminals have been taking advantage of AI to target email addresses in huge numbers and they are also able to make authentic-looking login pages with ease to deceive users into divulging personal information or account credentials,” he declared. “Like traditional phishing attacks, however, these scams will often still attempt to create a sense of urgency, prompting recipients to act quickly without verifying the true sender’s origin or even without thinking at all.”
Fortunately, there are a few telltale signs that a message is a digital wolf in sheep’s clothing.
In this instance, the email originated from an iCloud email domain whereas official Netflix emails always come from an address ending in netflix.com.
Netflix also clarified on its site that it will never ask for bank account details, credit card numbers, or passwords via text or email.
The best way to test the veracity of an email is by logging into one’s official account.
“It is always important to research into any emails requesting personal or sensitive information,” advised Moore. “It can be reassuring to log into your account via the genuine app to see which communications are genuine.”
In general, it’s “advisable to avoid downloading any attachments,” he warned.
If you have been already hornswoggled by such a scheme, Netflix advises changing your password and reaching out to your bank.
“Change your Netflix password to a new one that is strong and unique to Netflix,” they warn. “Contact your financial institution if you entered any payment information, as it may have been compromised.”
