What is the “Your Netflix Subscription Suspended Within 2 Days” scam email

The “Your Netflix Subscription Suspended Within 2 Days” scam is a phishing campaign that targets customers of the streaming service Netflix. It falsely informs users that their account is about to be closed if they do not resolve a payment issue. The email contains a link that, if clicked, takes the user to a phishing site that asks for Netflix login credentials. These credentials, in addition to payment card details, are what the malicious actors behind this phishing campaign want.



“Your subscription has been suspended as we are still unable to process your payment” is how this phishing email starts. Supposedly, Netflix was unable to process your payment but the streaming service is offering a 2-day “grace period” to update the payment details. If users do not update their details within 2 days, their account would supposedly be closed permanently. The email has an “Update my payment” button, which, if clicked, would take users to a fake Netflix website.

Netflix does indeed send emails to customers whose payments the company was unable to process, which is why some users may fall for this phishing campaign. Legitimate Netflix emails also contain a button that would take users to their Netflix payment settings. However, instead of redirecting users to their Netflix profile, the phishing email would take users to a site imitating Netflix and ask them to log in. If users type in their login credentials, the data would be immediately sent to the cybercriminals operating this phishing campaign. The data would likely be sold on a hacker forum to other cybercriminals. The phishing page may also ask you to provide your payment card information, in addition to your login credentials. The request would not seem unexpected considering that the email said Netflix could not process your payment. But if you were to provide your payment card details, they, too, would be sent to the cybercriminals and likely sold on a hacker forum.

Phishing campaigns always try to imitate legitimate websites. In some cases, the phishing sites may look completely identical. However, the site’s URL will always give away a phishing site. Before you log in anywhere, always check that the URL is correct.

How to recognize phishing emails

Phishing emails that target random users instead of specific targets are usually very obvious. There are certain signs you should always be on the lookout for. If you learn to recognize malicious and phishing emails, you will be able to avoid getting phished.

One of the most noticeable things in malicious emails is grammar/spelling mistakes and awkward English. Let’s take this Netflix phishing email as an example. “Your Netflix subscription suspended within 2 days” sounds quite awkward, and you would certainly not find this wording in a legitimate email by Netflix. Emails from huge companies like Netflix will never contain any mistakes because they would make the company look unprofessional.

The sender’s email address is one of the first things you should check whenever you receive an unexpected email that asks you to do something. The email addresses look quite obviously fake in many cases, made up of random numbers and letters. But in some cases, they may look more legitimate. Before engaging with the email, research the email address to find out whether it actually belongs to the person/company the sender claims to be. If you received emails from the company before, compare that address to the one that’s causing you to be suspicious. A simple search with Google or another search engine is also often enough.

If you use Netflix and receive emails from it, you have likely noticed that you are always addressed by the name set for the main profile. This email does not use a name, which immediately gives it away as a phishing attempt. Names are automatically inserted into emails from companies like Netflix. This is done to make the email appear more personalized. But since malicious actors do not know users’ names, they use generic words such as Customer, User, and Member. For example, the below Netflix phishing email addresses the user as “Dear”. Unless “Dear” is the name of the main profile, Netflix certainly does not use such words to address its customers.

When you receive an email containing a link, the first thing you should do is check whether the link is safe. Hover over the link with your mouse and the site’s URL will appear at the bottom of the window. If the address looks strange in any way, do not click on it. In fact, it’s safest to not click on any links in emails. If an email from a company whose services you use asks you to fix your account, access the account manually instead of clicking on the link.
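The checks described in this section (sender address, greeting, link destination), applied to a message in code as an added example that is not part of the original article. The sample message is constructed with placeholder `.example` domains; treating only netflix.com and its subdomains as genuine, and a single-part HTML body, are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: genuine Netflix mail and links use netflix.com or a subdomain of it.
TRUSTED = "netflix.com"
GENERIC = re.compile(r"\bDear\s*(Customer|User|Member)?\s*[,!:]", re.I)

# Constructed sample message; the sender address and link are placeholders.
SAMPLE = """\
From: Netflix <billing@netflix-support.example>
Subject: Your Netflix Subscription Suspended Within 2 Days
Content-Type: text/html; charset=utf-8

<p>Dear,</p>
<p>Your subscription has been suspended as we are still unable to process your payment.</p>
<a href="https://netflix.com.account-update.example/login">Update my payment</a>
"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        # Record the real destination of every <a>, not its visible text.
        self.hrefs += [v for k, v in attrs if tag == "a" and k == "href" and v]

def is_trusted(host):
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

def analyze(raw):
    msg = message_from_string(raw)
    body = msg.get_payload()  # single-part message: payload is the HTML text
    findings = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not is_trusted(sender_domain):
        findings.append(f"sender domain not Netflix: {sender_domain}")
    if GENERIC.search(body):
        findings.append("generic greeting instead of profile name")
    links = LinkCollector()
    links.feed(body)
    for href in links.hrefs:
        host = urlsplit(href).hostname
        if not is_trusted(host):
            findings.append(f"link leaves netflix.com: {host}")
    return findings
print("\n".join(analyze(SAMPLE)))
```

The link check compares the end of the hostname, so an address that merely starts with `netflix.com` is still flagged.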

“Your Netflix Subscription Suspended Within 2 Days” scam email removal

If this email landed in your inbox, you can simply delete it. If you did not interact with it, you don’t need to do anything else. However, if you clicked on the link and entered your information, you need to change your Netflix password immediately. If you lost access to your Netflix account, try contacting the company to get the account back. If you’re unable to get it back, contact your bank to cancel your payment card so you’re not charged for services you do not use.

