« Dear Netflix: Please Don't List Irish Movies under the United Kingdom | Main | Netflix Making it Tougher to Pay with Debit Cards? »

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d83451c1bb69e20120a55760b3970c

Listed below are links to weblogs that reference Possible Netflix Phishing Scam?:

Comments

JDoors

There's probably a little more to that story (the return address, as given, is or was used by Netflix, they didn't say whether or not they actually checked their account info on the Netflix site -- they may have the wrong expiration date or are using a different card and forgot), but the advice given by HNF is correct: Always use a pre-existing link or manually type in the address to access your Netflix (or any other) account.

banter

yeah I never use email links for such things. I always go to the base URL and go from there.

ex-employee

Those emails are legitimate. Log into your netflix acct. Click on your account in the upper right hand corner and then under acct. information click on payment method. We can sometimes accept the card after the expiration date, but eventually the card company will require the new expiration date. I would bet that if you followed those instructions you would see that the expiration date on your card does in fact, need to be updated.

Ev

Wrong. This is ABSOLUTELY A PHISHING SCHEME, and I wouldn't be surprised if the "ex-employee" posting above is a part of it.

My mom received this same email today, from [email protected] Everything about the email appeared legitimate, as did the link to update her account. But the actual link was sketchy (DO NOT TRY TO LOG IN WITH THIS): http://www.netflix.com.32654126.instanceid.wn.hp.278520754.actionflag.es.hmi.5bnull.5dm.5badd.5ds.5bstarted.5d.n3tf1x.com/

Once I followed that link to the "Netflix" site, I made up a username and password and, what do you know, it let me log in. Then, I completely made up a credit card number, expiration, etc., and again it accepted it and thanked me for updating my info. Obvious phishing scheme.

I'm amazed that there isn't more info about this scam out there. I've notified Netflix and hopefully people will see this post.

The advice of banter and JDoors above is still good: never click on links like this in emails, even if they are legit. If you ever get an email about updating credit card info, go to netflix.com and update your account info that way.

Ev

I emailed Reed Hastings (Netflix CEO) on a whim about this and, amazingly, he emailed right back and thanked me for the heads up. He later forwarded me an email response from Andy Rendich (according to LinkedIn, the "Chief Service and DVD Fulfillment Officer" at Netflix).

Pretty cool that they were able to shut this thing down so quickly. There will be more of these scam sites, so always be wary of emailed links.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From: Andy Rendich
Sent: Thursday, September 02, 2010 2:51 PM
To: Reed Hastings
Subject: RE: Netflix Phishing Scheme via [email protected]

Reed:

Update

We have found that there are two domains involved in this phishing attempt, including "mynetflix.com" (registered to a Chinese company) and "n3tf1x.com" registered to a Los Angeles address. Both domains have been taken down, so if you try to access them, you will get a page not found error. The key going forward is to see how we can be more proactive instead of reactive.

Thanks...

Andy

The comments to this entry are closed.

Sponsors

Third-Party Netflix Sites