
Netflix customers targeted by scam emails

Sophisticated phishing emails purporting to be from Netflix are attempting to extort customer bank details. Here are two examples you need to watch out for.

Online streaming services have revolutionised the way in which we watch TV, with Netflix at the forefront of their success.

The platform reportedly has over 150 million subscribers worldwide, so it’s easy to see why it’d be a target for scammers trying their luck with carefully crafted phishing emails.

If you’re a Netflix customer and you’ve received an email out of the blue regarding ‘updating your payment details’ or ‘expired membership’, don’t take it at face value – it could be a scammer’s attempt to extort your bank details.

‘Your account is on hold’

Fortunately, we’ve got hold of two examples of these phishing emails so you know what to watch out for.

The first is the most convincing:

The use of both Netflix and Visa’s branding here gives the illusion of a genuine email, but when you look closer, you’ll see that it’s arrived from a fraudulent email address that has nothing to do with Netflix.

It’d be easy to miss if you’re in a hurry, which emphasises the importance of checking emails like this thoroughly, especially if they request sensitive information.

Our guide to spotting an email scam can help you catch the telltale signs.

‘Suspended membership account’

The second email we’ve seen isn’t quite as slick as the first in its content, but has made use of email spoofing in an attempt to con unsuspecting Netflix subscribers:

You’ll note the incorrect spelling of ‘membership’ as ‘memebership’ on a supposedly Netflix-branded domain. Again, it’s easy to miss at a glance.

The email itself also contains classic phishing email giveaways – such as the rogue ‘You’re’ and out-of-place capital letters.

We made Netflix aware of both of these phishing attempts. A Netflix spokesperson said:

“We take the security of our members’ accounts seriously and Netflix employs numerous proactive measures to detect fraudulent activity to keep the Netflix service and our members’ accounts secure.

Unfortunately, phishing scams are common on the internet and target popular brands such as Netflix and other companies with large customer bases to lure users into giving out personal information.

Members who want to learn more about how to keep their personal information safe against phishing scams and other malicious activity can go to netflix.com/security or contact Customer Service directly.”

Keeping your accounts secure

As always, if you think you’ve handed over sensitive information to scammers, contact your bank immediately. If you’ve been a victim of fraud, here’s how to get your money back.

If you’re worried about the security of your accounts, we’d emphasise the importance of having strong passwords in place, especially for accounts such as Netflix in which two-factor authentication (2FA) isn’t in place.

Our Computing Editor, Kate Bevan, strongly recommends that you make use of 2FA wherever possible.

A password manager can help you create strong, unique, unguessable passwords. These are the ones we recommend.

Have you received a Netflix phishing email or a similar fraud attempt for another service? If so, let us know in the comments.

Know someone who subscribes to Netflix? Then please do pass on this warning.


I had a scam text rather than an email, tried to send the content by email to phishing@netflix.com but my gmail service rejected it as suspicious.

This comment was removed at the request of the user

I have received several TV licence phishing emails stating that there is a problem with my direct debit payments.
They look very convincing; however, I noticed the licence no. was wrong and on one occasion had fewer digits.

Laura says:
15 November 2019

I cancelled Netflix a few months ago but have recently received several emails informing me I needed to update my payment method. Deleted them but didn’t realise they were phishing.

Marilyn Powell says:
16 November 2019

I received an email supposedly from O2 a few weeks ago saying my account had been suspended as the SIM card had expired. A quick call to O2 proved there was nothing wrong with the account and they would report the scam.

Mariah says:
17 November 2019

Yes I’ve received a few of these emails, similar to the ones you display.
Luckily they give themselves away with incorrect spelling and grammar very often.
I have just deleted them in the past but it may be a better idea to send on to Netflix if I get another.

ISPs could help with this by charging a peppercorn amount after the first 50 emails each day when sending an email through their systems.

K Met says:
24 November 2019

I have received a few emails from Netflix over the past couple of weeks offering me a 30 day free trial…I already have an account and pay monthly.

This comment was removed at the request of the user

This comment was removed at the request of the user

Two factor authentication is least secure but most convenient when the associated internet activity and text messages use a common device, i.e. a smart phone.

When the internet activity is on a different device, then (unless hacked as suggested by Duncan above) you need to have both devices in your possession to access both the internet and the second factor security tokens.

For folk who choose to use a smartphone for the bulk of their internet activity, the option of using a second phone number, on an ordinary “dumb” phone, can be a good way of increasing security above the level of putting all your eggs in one basket and running everything off the smart phone.

I usually save and store my passwords on paper via series of hints and abbreviations. That way I know they cannot then be compromised by electronic means.

This comment was removed at the request of the user

Duncan, presumably that email wasn’t actually from Which? but merely pretended to be so?

This comment was removed at the request of the user

So has Which? been hacked?

This comment was removed at the request of the user

So are you saying that (1) you got an automatic email alert to a new convo post containing links to malware and that (2) the post was rapidly or automatically removed by Which?

This comment was removed at the request of the user

If so, then shouldn’t W?C delay its email notifications until such times as new posts have been shown to be free of malware?

I, for one, certainly don’t want email notifications from W?C (and other such sites) and I’m sure those that do want any such messages to be appropriately safe, even if it means waiting a bit before they are sent.

PS – clicking on malware links can also install browser-add-on & hijacking malware on Linux.

This comment was removed at the request of the user

Unless comments containing links are received from “approved” regulars they are, I believe, automatically put into moderation and not published until cleared. However, the complete unmoderated comment is emailed to those who choose to be notified of new comments on specific topics. You can get these by clicking on the “Follow this conversation by email” at the bottom left of the “reply” box. I’m sure you know all this 🙂

Best never to follow a link in any email. So Which?’s process should keep us safe.


I admit to being very puzzled by your post. Can you bear with me while I go through it?

You said:

Let this be a warning to those using this website —
I got an email from Which that didn’t appear in the convo, I won’t give it the benefit of naming it in case somebody is foolish enough to try the URL but Which did the RIGHT thing in blocking it.

Okay, so you were sent an email by Which?. But none of the emails I get from Which? ever appears in the topic. I don’t know why you think it should.

You then said

It is a DELIBERATE attempt to cause the regulars and posters here to have MALWARE installed on their computers —somebody made an evil attempt to cause much upset —good job Which !! you blocked it.

but for me, anyway, that poses even more questions. You have the email on your computer, but then you say Which? blocked it – yes? So how did it reach your computer if W? blocked it?

You say the URL is the culprit, but that presumably means the email Which? sent you contained a URL pointing to a malicious site. Which suggests Which? has, in fact, been hacked. Is that correct?

You then said

it was just a standard email notification but never got published on Which Convo because their virus filters spotted it

but earlier you said it was an actual email. Can you clarify which, please?

If it was, as Derek divined, an automatic email prompting you to see a new post, are you certain it wasn’t simply a post that had subsequently been deleted? The Which? system will, for example, continue to show posts that have been deleted for transgressing the Ts and Cs so that when following the hyperlink in All Recent Activity the post cannot be found.

I did, in fact, follow one such link a day or so ago, and the post had already been deleted. I suspect that’s the more likely (and significantly less sinister) explanation.

This comment was removed at the request of the user

Duncan: I fully accept the first two of your points, but the third one is what has me concerned.

What did the email actually say?
Did it include a link to a Which? topic?

I’m simply attempting to ascertain the precise facts of this.

Duncan, as Ian has also shown above, you may have thought that your original post was clear and simple, but I certainly did not find it to be so.

That was why I asked a series of questions…

This comment was removed at the request of the user

Duncan, please may I remind you that this site is Which Conversation and that conversation quite normally involves dialog.

Duncan, this is not about your admirable help but the clarity of your original email. Some do not fully understand the event you set out to describe. 🙂

This comment was removed at the request of the user

Thanks George 🙂

This comment was removed at the request of the user

Duncan, that sounds like one I reported as “Rude or Offensive” a short while ago…

This comment was removed at the request of the user

They’re usually someone trying to advertise something. It’s something we have to watch for on any forum.

I have received scam emails from Netflix in the past but I knew they were fake emails because I do not have a Netflix subscription.

As per previous comment, I’ve had a number of these emails purportedly from Netflix but don’t have an account with them. A good indication that they’re a scam. I’ve also had a number purportedly from PayPal with whom I do have an account but spelling mistakes are a giveaway! I forward & report them all to the relevant phishing/spoof email addresses & usually get a reply (automated) acknowledging them.

Michael Mitchell says:
20 April 2021

Today automatic phone call warning me of £900 being asked from my debit card; if I do not know about it, press 1 to block. Two calls, same. I pressed 1?