gianbird newman oddeta

1 view

Skip to first unread message

Latarsha Dorrance

unread,

Aug 2, 2024, 1:10:14 AM8/2/24

to neelomischpo

I don't have a Netflix account and never have done. I have a Gmail address which I have never used for public communication. Suddenly I started getting email to this Gmail address from Netflix - not a "Welcome to Netflix" email or one requesting address verification, but what looked like a monthly promo for an existing account. This was addressed to someone with a different real name, with that name not similar in any way to the Gmail name.

After a few of these messages I decided to investigate by going to Netflix and trying to log in with that email address. Using the "forgotten password" option I was able to get a password reset email, change the password and log in. The account appeared to be from Brazil, with some watch history but no other personal details stored and no payment information.

Soon the emails from Netflix started to ask me to update payment information. I didn't, of course, and then they changed to "your account will be suspended" and then "your account has been suspended". The "come back to Netflix" emails are still coming in occasionally.

I don't see how this could possibly be a phishing attempt - I carefully checked that I was on the real Netflix site, used a throwaway password not used on any other sites, and did not enter any of my personal information. I also checked the headers of the emails carefully and they were sent by Netflix. So is this just a mistake on somebody's part, mistyping an email address (although it's surprising that Netflix accepted it with no verification), or something more sinister?

(Note that the above steps don't include any "password reset" step for Jim to access the account; that's because the email from Netflix includes authenticated links that won't ask for it. The attacker wants the victim to click on the email links instead of visiting Netflix manually, this is what enables "Eve" to log back in to the account in step 7. Or, since Netflix emails authenticated links, possibly "Eve" already has one.)

The above situation is partially caused by Netflix (understandably) not recognizing Gmail's "dots don't matter" feature where email sent to [email protected] and to [email protected] end up in the same account. That doesn't really matter in your case (given that if this is how you're trying to be scammed, step 1 was skipped entirely), however.

The most probable situation is that someone used an arbitrary Gmail address (yours) in order to sign up for a free trial, or mistakenly tried to change their email to the wrong address (maybe to have a friend/family also get emails).

This would not be a "hack" or even a phishing attempt, just using any available address. This does mean that your Gmail address could not be used for a free trial at Netflix, so there is that negative impact to you.

As a side note, by logging into someone else's account, you have violated many country's "unauthorised access" laws. I would not make a habit of doing this (or telling others on public sites that you have".

I get dozens to hundreds of e-mails from legitimate companies (car dealers, LA dept of water and power, Macys.com, cell phone activation notes, the payroll company ADP, and Nationwide insurance) from people with my first name and an initial matching my last name.

The worst was in early 2019, when I received medical records (Lab results in a .PDF file) - a clear HIPAA violation, since e-mail isn't an authenticated or encrypted communications channel. The "medical records" person, who should know the law, was the sender of the e-mail.

In my case, none of them are nefarious, but represent clueless users or even worse, clueless sales clerks (such as Lenscrafters in Maryland), the Apple store in Manhattan, and others too numerous to mention.

I got emails from Netflix too saying that my account was cancelled and that there was a sign in attempt somewhere from the US... except that I live in Canada, and have never made a Netflix account in the first place. I went directly to the Netflix website and was able to speak to a representative, and they deleted the account. There was no payment information either. I don't understand why this happened, either someone has a similar email address yet without the dots, or perhaps there is some sinister reason, but I wouldn't know. I've wondered if someone might do this hoping that the other person would fill in their payment information, thus enabling the account.

As of the fourth quarter of 2022, Netflix had over 231 million paid subscribers around the world [*]. This ever-expanding user base and its seething mass of personal information make Netflix a pliable target.

For Amber Torres, it was the unusual, look-alike Netflix URL that gave away an otherwise flawless smishing scam [*]. An unprompted text message claimed that Netflix couldn't process her payment. The message also included a URL that misled Amber into re-entering her username and password on a fake login page.

You may receive an email out of the blue that contains a link to a short survey. These unsolicited emails peddle free gift cards in return for your responses. The email subject line, copy, and buttons are all carefully crafted to make you click on a phishing link.

In this email phishing scam, Netflix imposters notify you that your account has been suspended. The message contrives a problem with your billing information and includes a link to validate or renew the account.

True to the narrative, this call to action also directs you to a Netflix look-alike website designed to steal your data or money. As you can see, these emails bear unsettling resemblances to actual Netflix communications and could easily pass for legitimate emails.

A Netflix Tagger was a once-official Netflix job title that took off in 2015 [*]. These part-time hires were required to have voracious appetites for Netflix content in order to best categorize it for users.

These attacks are often elaborate, with convincing intricacies that include functioning CAPTCHA pages hosted on secure domains. You may even be redirected to the real Netflix homepage after you surrender your information on the phony site.

According to the Better Business Bureau (BBB), an influx of recent reports indicate that victims have been targeted with malicious pop-ups [*]. These pop-ups may flag false errors with your device or streaming app, and can elicit phone calls to a specific number.

Exercise caution when you receive text messages or emails containing links, especially if they are from unknown sources. Look for red flags such as poor grammar, a sense of urgency, or off-brand design. If you're unsure, go directly to the Netflix website or app and log in from there to access notifications.

Create a strong and unique password for your Netflix account to prevent unauthorized access. Avoid easily guessable information such as names or birthdays. To manage these complex passwords, use a secure password manager like the one included in every Aura plan.

Keep your devices updated with a reputable antivirus software program. This can prevent malware and other threats from breaching your Netflix account. In general, software updates nestle security patches for vulnerabilities that hackers are known to exploit.

Regularly review the devices connected to your Netflix account by visiting your account settings. Look for any unfamiliar devices or unusual activity. If anything seems awry, sign out of the device from your account and immediately change your password.

Check your Netflix account settings to make sure your password recovery phone number is up to date. If you lose your password or need to recover your account due to security reasons, you'll be able to access your account more easily.

If you come across any potential security vulnerabilities or phishing attempts related to Netflix, report them right away. Netflix also has a bug bounty program for security researchers to report issues.

Scammers may have gotten your email address from a recent data breach, or from third-party sources such as data brokers. You can avoid Netflix-related scams by knowing how cybercriminals may make an assault on your account.

Managing your online presence can quickly become a litany of time-consuming steps. With Aura, you have 24/7 access to a team of U.S.-based Fraud Resolution Specialists and up to $5 million in insurance coverage for eligible losses due to identity theft.

*The Identity Theft Insurance is underwritten and administered by American Bankers Insurance Company of Florida, an Assurant company. Please refer to the actual policies for terms, conditions, and exclusions of coverage. Coverage may not be available in all jurisdictions. Review the Summary of Benefits.

Statista R identifies and awards industry leaders, top providers, and exceptional brands through exclusive rankings and top lists in collaboration with renowned media brands worldwide. For more details, visit our website.

One of the factors identified by Netflix as a driver of its latest subscriber slowdown is the widespread practice of account sharing. In addition to 222 million paying households, Netflix estimates that more than 100 million households have access to its service by sharing someone else's password, including over 30 million households in the U.S. and Canada.

Those estimates, while alarming, are consistent with the results of a recent survey conducted by Morning Consult. The market research firm found that a significant number of Americans share a Netflix account with someone outside their household, which is technically illegal. According to the survey of 2,209 U.S. adults conducted in April 2022, 17 percent of the respondents access Netflix using someone else's password, with 11 percent using the account of someone outside their own home.

Having long looked the other way when it came to account sharing, accepting it as a necessary evil during a period of rapid growth, Netflix can no longer afford such generosity, as it desperately needs to reaccelerate its user growth. What some call a coming crackdown on password sharing, Netflix calls "more effective monetization of multi-household sharing," which it has already piloted in three Latin American markets. Earlier this year, subscribers in Costa Rica, Peru and Chile were given the option to add sub-accounts for up to two people outside their own household for a reduced membership fee.