The letter looks a valid email from the streaming company and convinces customers to update their information including personal and credit card information.
Email recipients receive personalized notices informing them that their billing information needs to be updated and they must "restart their membership".
The email looks pretty legitimate, complete with Netflix logo and avoids numerous usual giveaways such as poor spelling and grammatical errors. When they click on the link, they were directed to an authentic-looking fake Netflix scam site that was built on a compromised WordPress blog.
If you click that link, you're taken to what appears to be the Netflix login page, but it has a different URL.
Using the personal information gathered by the fake site, the cybercriminals could steal a user's identity and gain access to credit card and even bank accounts. The next page asks for your full name, address, payment details and date of birth, according to DailyMail.
According to Deadline, more than 100 million subscribers have been targeted by the scam thus far; there's no word as to how those emails were obtained. The cyber-security firm notes that scammers can design the fake email and bogus websites in a way that it is nearly impossible to identify.
This is not the first time (and certainly not the last time), when Netflix users were targeted with an email scam.
The email scam looks legitimate, but it's not.
MailGuard called the phishing scam "relatively well designed" because of its ability to generate "individualized messages with specific recipient data".