forebree ayleyna zareck


Cristoforo Kanoy

Aug 2, 2024, 11:29:22 AM
to boizimalfi

I don't have a Netflix account and never have done. I have a Gmail address which I have never used for public communication. Suddenly I started getting email to this Gmail address from Netflix - not a "Welcome to Netflix" email or one requesting address verification, but what looked like a monthly promo for an existing account. This was addressed to someone with a different real name, with that name not similar in any way to the Gmail name.

After a few of these messages I decided to investigate by going to Netflix and trying to log in with that email address. Using the "forgotten password" option I was able to get a password reset email, change the password and log in. The account appeared to be from Brazil, with some watch history but no other personal details stored and no payment information.

Soon the emails from Netflix started to ask me to update payment information. I didn't, of course, and then they changed to "your account will be suspended" and then "your account has been suspended". The "come back to Netflix" emails are still coming in occasionally.

I don't see how this could possibly be a phishing attempt - I carefully checked that I was on the real Netflix site, used a throwaway password not used on any other sites, and did not enter any of my personal information. I also checked the headers of the emails carefully and they were sent by Netflix. So is this just a mistake on somebody's part, mistyping an email address (although it's surprising that Netflix accepted it with no verification), or something more sinister?

(Note that the above steps don't include any "password reset" step for Jim to access the account; that's because the email from Netflix includes authenticated links that won't ask for it. The attacker wants the victim to click on the email links instead of visiting Netflix manually; this is what enables "Eve" to log back in to the account in step 7. Or, since Netflix emails authenticated links, possibly "Eve" already has one.)

The above situation is partially caused by Netflix (understandably) not recognizing Gmail's "dots don't matter" feature where email sent to [email protected] and to [email protected] end up in the same account. That doesn't really matter in your case (given that if this is how you're trying to be scammed, step 1 was skipped entirely), however.

The most probable situation is that someone used an arbitrary Gmail address (yours) in order to sign up for a free trial, or mistakenly tried to change their email to the wrong address (maybe to have a friend/family also get emails).

This would not be a "hack" or even a phishing attempt, just using any available address. This does mean that your Gmail address could not be used for a free trial at Netflix, so there is that negative impact to you.

As a side note, by logging into someone else's account, you have violated many countries' "unauthorised access" laws. I would not make a habit of doing this (or telling others on public sites that you have).

I get dozens to hundreds of e-mails from legitimate companies (car dealers, LA dept of water and power, Macys.com, cell phone activation notes, the payroll company ADP, and Nationwide insurance) from people with my first name and an initial matching my last name.

The worst was in early 2019, when I received medical records (Lab results in a .PDF file) - a clear HIPAA violation, since e-mail isn't an authenticated or encrypted communications channel. The "medical records" person, who should know the law, was the sender of the e-mail.

In my case, none of them are nefarious, but represent clueless users or even worse, clueless sales clerks (such as Lenscrafters in Maryland), the Apple store in Manhattan, and others too numerous to mention.

I got emails from Netflix too saying that my account was cancelled and that there was a sign-in attempt somewhere from the US... except that I live in Canada, and have never made a Netflix account in the first place. I went directly to the Netflix website and was able to speak to a representative, and they deleted the account. There was no payment information either. I don't understand why this happened; either someone has a similar email address yet without the dots, or perhaps there is some sinister reason, but I wouldn't know. I've wondered if someone might do this hoping that the other person would fill in their payment information, thus enabling the account.

Most of us pay attention to the look of our Netflix home screen and the profiles that sit on one account. Up to five are allowed, but if you only have one or two and additional ones pop up, that's your first clue that someone has infiltrated your account. In some cases, profiles may have been deleted or altered.

Check with your crew of account sharers to see if anyone added or removed a new profile before you get alarmed. If no one in your inner circle (or their outer circle) is responsible for the new profile, delete it and set up a new password.

To delete a profile, you'll need to access Netflix on a web browser. Click on your profile icon and tap Manage Profiles. Select the rogue profiles and click Delete.

Next, check the watch history on your profiles. Is there a new TV show in your Continue Watching row? What about a set of new genres in your recommendations section? If you notice a fresh "Because You Watched" suggestion for a movie or series you never watched, there may have been a takeover. Again, ask around your circle first to make sure your mom or son didn't accidentally binge watch all those K-dramas or baking shows on your profile.

Netflix sends out an email alert when it recognizes a "new" device that signed in to your account. Typically, the company will provide information on the type of device and the location and date of sign-in. However, Netflix doesn't do this every time someone logs in, so it's up to you to periodically check this information. And in light of the password-sharing crackdown, be sure to set your main home as the primary viewing household on your account.

Log in on a web browser and navigate to your Account page. Click Manage Access and Devices under Security & Privacy to view where, when and how people have been streaming from your Netflix account. I once discovered that some stranger in Sao Paulo, Brazil, was enjoying the service on my dime (with a Fire TV Stick), which prompted me to immediately change my password. If you discover similar patterns on your account, it's time for a password update. We have some great tips for creating and protecting solid passwords.

Before you do that, head back to Security & Privacy and sign out of all devices to ensure that once you change your password, everyone has to log in from scratch. Don't forget this step if you've been traveling and using Netflix at a hotel or vacation rental.

It's likely you have Netflix on auto-renewal and therefore don't check the billing amount each month. It's time to take a peek at it to see whether you still have your chosen subscription plan. Follow this advice even if you learned your account was hacked and you canceled Netflix, because someone may still be streaming while you're being charged for it. Double check the cancellation and billing status.

It's imperative you change your password ASAP, before the trickster tries to log back in. Make sure your password is good, too. "123456" isn't going to cut it. Follow up by checking the rest of your credentials.

It's a good idea to check whether your email address has been compromised by visiting Have I Been Pwned. Type in your email or phone number and prepare to see if your information has been shared on the dark web. Receive some bad news about a breach here? Me too. A security breach is when your email, password, account name, credit card information or any other data stored on a website is illegally accessed by hackers and released to the public. Swap out your Netflix email address for one that hasn't shown up in the grimy digital underworld.

Note that when you change your email on your Netflix account page, you'll be prompted to have a code emailed to you to confirm your identity. Complete those steps to switch to your updated email address. However, if the account's email address now belongs to the hacker, you'll have to contact Netflix's customer service team to report it, or, as a last resort, cancel the account and start a new one.

Remind friends and family who live outside your household that you can transfer their existing Netflix profiles to a new account. Otherwise, these tips may put an end to their freeloading ways, too -- if you choose to avoid the password crackdown.

Whether it's your adult child, your ex-partner or a friend who benefited from your generosity, you may have allowed someone outside your home to continue using your Netflix account at some point. However, since Netflix has confirmed that it will begin charging accounts that share passwords early next year, now might be a good time to make a change.

If that person has their profile on your account, you can transfer it to their new account and delete it from yours. However, if they don't have a profile or simply use your login information to keep watching Netflix without paying, you can kick them off using a new feature in your account settings.

This week, Netflix announced it had launched a new feature in Account Settings called Managing Access and Devices. The purpose of this tool, the company says, is to log yourself out of devices you may have used while traveling, staying in hotels or visiting family and friends. However, it can also be used to boot an unauthorized user from your Netflix account.

To access this feature, sign in to Netflix in a browser on a computer, phone or tablet and select your profile. Then, hover over the downward-facing arrow icon in the upper-right corner and choose Account. Finally, go to the Security & Privacy section on your Account page and choose Manage access and devices. It may have a blue New box on the left side of the text.
