Have you been a victim of scammers impersonating NETFLIX?

by Lorraine Williamson

NETFLIX entertainment platform is enjoyed by millions of people; therefore, it is also a target for potential scammers.

Scammers often pretend to be large organisations such as banks, couriers etc. This is because a high percentage of people use the service or company.  Therefore, they may be less suspicious if they receive an SMS or email.

Just by the law of averages, the scammers will have success as many people will click on the link without thinking, or out of urgency, or stress.

The objective of this fraudulent campaign is to redirect the victim through a fake link to a website that impersonates the official NETFLIX site, to obtain access credentials to their account. In this case, the intent is to alarm the victim. Consequently, they will click on the link to correct supposed problems in the payment of their subscription.

Do not give out your details

If you have a subscription with the NETFLIX platform, and have received a malicious email or SMS, do not enter your credentials onto their message.

What to do if you have clicked on the link

If you are subscribed to NETFLIX and have received such a message and subsequently clicked on the link and then entered your access credentials (username and password), you may have been victim of this attack.

The Oficina de Seguridad del Internauta (OSI) advise of various scams that are going around, and what you should do if you believe you have been a victim.

The first thing they advise to do, is check if you still have access to your NETFLIX account. If so, change the password immediately (remember to set a strong password). Furthermore, if you use this password in other online accounts, you should change them too.

Contact the service provider

However, if you are unable to connect to your NETFLIX account because the cybercriminal has taken over it, the OSI recommend you contact the service provider (NETFLILX).

Contact the bank

If you have entered your credit card information, the recommendation is to immediately contact your bank. You will find the emergency telephone number of the company that issued your credit card. You can then proceed with blocking or cancelling charges made recently or future attempts.

Avoiding this type of fraud

You can avoid being a victim of fraud of this type by following the recommendations of the OSI:

  • Do not open messages from strangers or that you have not requested, delete them directly or block them if your device allows it and do not answer these SMS in any case.
  • Be careful when clicking on links, even if they are from known senders.
  • Check the URL of the web page. If it does not contain a certificate or does not correspond to the official site you intend to access, do not provide any type of personal information: username, password, bank details, etc.
  • In case of doubt, consult directly with the entity involved, in this case NETFLIX, through its Help Centre, or with trusted third parties, such as the State Security Forces and Bodies (FCSE) and the Security Office of the Internet user (OSI) of INCIBE.

In addition, in this case, NETFLIX provides its users with a section of security recommendations in cases of smishing and phishing.

Details of this fraud

This scam has been put together in such a way that it takes you through a process which seems normal, so that, by the end, you may not even realise you have been a victim of fraud.

Baycrest Wealth

This scam begins with a text message which if you click on the link takes you to a fake website. You are then taken through a series of requests for information and clicks to the next page where more information is requested.

The fraudulent messages of this campaign that have been detected so far are characterised as follows:

  • Even though they contain a link that begins with ‘https’, this does not guarantee that the connection is secure.
  • The identified URLs use words that are very similar to the brand, such as ‘netfspain’ or ‘neftxes’.
  • The message uses phrases like ‘confirm data’, ‘payment refused’ or ‘update your information’ as a claim.
  • These messages may contain misspellings that show it is not an official entity. In this case, the absence of accents is a giveaway.

The various steps involved

Generally, these messages are introduced by the word ‘NETFLIX:’ to give more credibility.

In some messages, it generates urgency for the victim to carry out the action in a period of 24 hours.


If you click on the link, it redirects you to a fraudulent website very similar to the official one. On this website, it asks you to log in with your access credentials.


Once the access data has been entered, a message is displayed indicating that your account is temporarily suspended.

NETFLIX account suspended

By clicking on the ‘Next’ button, a form will appear asking you to enter the billing information (name, surname, address, postal code, telephone number and date of birth).


Next, you will be asked to enter your bank details through another form.

Bank details

After entering the data, supposedly, a code will be received at the telephone number provided.


Although if you click on ‘Next’ after entering any character, a message will appear. This will inform you that your account has been verified.

Account verified

Finally, by clicking on the ‘Next’ button, you will be redirected to the official Netflix website. However, by this time, the cybercriminals will have already taken all your data.


Due to this process, you may not even realise you have been the victim of a fraud.


You may also like