corfayr fremont radborne

[Berk Boyraz]

I don't have a Netflix account and never have done. I have a Gmail address which I have never used for public communication. Suddenly I started getting email to this Gmail address from Netflix - not a "Welcome to Netflix" email or one requesting address verification, but what looked like a monthly promo for an existing account. This was addressed to someone with a different real name, with that name not similar in any way to the Gmail name.

After a few of these messages I decided to investigate by going to Netflix and trying to log in with that email address. Using the "forgotten password" option I was able to get a password reset email, change the password and log in. The account appeared to be from Brazil, with some watch history but no other personal details stored and no payment information.

Soon the emails from Netflix started to ask me to update payment information. I didn't, of course, and then they changed to "your account will be suspended" and then "your account has been suspended". The "come back to Netflix" emails are still coming in occasionally.

I don't see how this could possibly be a phishing attempt - I carefully checked that I was on the real Netflix site, used a throwaway password not used on any other sites, and did not enter any of my personal information. I also checked the headers of the emails carefully and they were sent by Netflix. So is this just a mistake on somebody's part, mistyping an email address (although it's surprising that Netflix accepted it with no verification), or something more sinister?

(Note that the above steps don't include any "password reset" step for Jim to access the account; that's because the email from Netflix includes authenticated links that won't ask for it. The attacker wants the victim to click on the email links instead of visiting Netflix manually, this is what enables "Eve" to log back in to the account in step 7. Or, since Netflix emails authenticated links, possibly "Eve" already has one.)

The above situation is partially caused by Netflix (understandably) not recognizing Gmail's "dots don't matter" feature where email sent to [email protected] and to [email protected] end up in the same account. That doesn't really matter in your case (given that if this is how you're trying to be scammed, step 1 was skipped entirely), however.

The most probable situation is that someone used an arbitrary Gmail address (yours) in order to sign up for a free trial, or mistakenly tried to change their email to the wrong address (maybe to have a friend/family also get emails).

This would not be a "hack" or even a phishing attempt, just using any available address. This does mean that your Gmail address could not be used for a free trial at Netflix, so there is that negative impact to you.

As a side note, by logging into someone else's account, you have violated many country's "unauthorised access" laws. I would not make a habit of doing this (or telling others on public sites that you have".

I get dozens to hundreds of e-mails from legitimate companies (car dealers, LA dept of water and power, Macys.com, cell phone activation notes, the payroll company ADP, and Nationwide insurance) from people with my first name and an initial matching my last name.

The worst was in early 2019, when I received medical records (Lab results in a .PDF file) - a clear HIPAA violation, since e-mail isn't an authenticated or encrypted communications channel. The "medical records" person, who should know the law, was the sender of the e-mail.

In my case, none of them are nefarious, but represent clueless users or even worse, clueless sales clerks (such as Lenscrafters in Maryland), the Apple store in Manhattan, and others too numerous to mention.

I got emails from Netflix too saying that my account was cancelled and that there was a sign in attempt somewhere from the US... except that I live in Canada, and have never made a Netflix account in the first place. I went directly to the Netflix website and was able to speak to a representative, and they deleted the account. There was no payment information either. I don't understand why this happened, either someone has a similar email address yet without the dots, or perhaps there is some sinister reason, but I wouldn't know. I've wondered if someone might do this hoping that the other person would fill in their payment information, thus enabling the account.

I Got a message on my Apple TV that I had to contact Netflix because of a problem with my account. I tried through the netflix web site and I had to enter a email address and password. After unsuccessful attempts to try to get a new password, I phoned Netflix. They could only check on my account by looking up my email address. I gave them two addresses and they could not find either address. They couldn't check by my name or by the receipt I received from Apple. I want to know what email address Apple uses for a subscription to Netflix through Apple TV.

Thank you Rysz; That makes sense however netflix does not have that email either. They were surprised at this also. I'm thinking that two letters of my email when typed appear to be another letter. Perhaps it was transcribed wrong in their records? If I have further problems I will check on that.

Identifiers (such as name, e-mail address, postal address, postal code, telephone number, IP address, payment information identifiers, from the devices you use to connect, characteristics about the networks you use when you connect to our Experience)

When you interact with us, certain information might be collected automatically. Examples of information include: the type of computer operating system, device and software characteristics (such as type and configuration), referral URLs, IP address (which may tell us your general location), statistics on page views or interactions with activities, and browser and standard web server log information. This information is collected using technologies such as cookies, pixel tags, and web beacons. We use this information for the support of internal operations, such as to conduct research and analysis to address the performance of our Experience, and to generate aggregated or de-identified reporting for our use.

This Experience might use cookies to support the performance of our site and to remember choices you have made, such as preferred language. You can modify your browser settings to control whether your computer or other device accepts or declines cookies. If you choose to decline cookies you may not be able to use certain interactive features of this Experience or certain of its Experiences. You can delete cookies from your browser; however, that means that any settings or preferences managed by those cookies will also be deleted and you may need to recreate them. Depending on your mobile device, you may not be able to control tracking technologies through settings. The emails we send might include a web beacon or similar technology that lets us know if you received or opened the email and whether you clicked on any of the links in the email.

The Experience might give you the option to share information by email, social or other sharing applications, using the clients and applications on your smart device. Social plugins (including those offered by Facebook, Twitter, Instagram, and Pinterest) allow you to share information on those platforms. Social plugins and social applications are operated by the social network themselves and are subject to their terms of use and privacy policies.

We use reasonable administrative, logical, physical and managerial measures to safeguard your information against loss, theft and unauthorized access, use and modification. We may retain information as required or permitted by applicable laws and regulations, including to fulfill the purposes described in these Terms.

The Netflix family of companies: We might share your information among the Netflix family of companies ( ) as needed for data processing and storage, providing customer support, content development, and for other purposes described in the Use of Information Section of this document.

We might use other companies, agents or contractors ("Experience Providers") to perform services on our behalf or to help us to provide this Experience to you. For example, we may use Experience Providers to provide infrastructure and IT services (like hosting the Experience). We do not authorize Experience Providers to use information except in connection with providing their services, subject to the following safety issues. We and our Experience Providers may disclose and otherwise use information where we or they reasonably believe such disclosure is needed to (a) satisfy any applicable law, regulation, legal process, or governmental request, (b) enforce these Terms, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address illegal or suspected illegal activities, security or technical issues, or (d) protect against harm to the rights, property or safety of Netflix, our content partners, users or the public, as required or permitted by law.

If, in the course of sharing information, we transfer personal information to countries outside your region, we will take steps to ensure that the information is transferred in accordance with these Terms and in accordance with the applicable laws on data protection.

You can request access to your personal information or correct or update out-of-date or inaccurate personal information we hold about you. You can object to processing of your personal information, ask us to restrict processing of your personal information, or request portability of your personal information. If we have collected and processed your personal information with your consent, you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

90f70e40cf