
How a Netflix scam works and how you can spot one

Jacob Fox

May 22, 2024 · 12 min read

Netflix scams are unfortunately quite common because scammers know that many people have a Netflix account. They often take a scattergun approach, targeting many random email addresses or phone numbers in the hope that a few victims will give away their information and compromise their Netflix or bank account details.

Fortunately, there’s plenty you can do to protect yourself from these Netflix scams, and most measures you can take are straightforward. Read on to learn how Netflix scammers operate and how you can keep yourself and your Netflix account safe from them.

How a Netflix scam works

Netflix scams usually use phishing or smishing techniques to steal your personal information, such as your username and password or your bank account information.

Phishing is when an attacker tricks you into giving them your personal information by sending you a message (usually an email) pretending to be a person, organization, institution, or service you trust. Smishing is when an attacker does this via text message instead of email.

Netflix scams usually involve an email or text message that is intended to trick you into thinking you’re reading a message from Netflix. The scammer’s goal is to get you to divulge your personal information. Sometimes, the message might try to convince you to follow a link that installs malware on your device.

What happens if you fall victim to a Netflix scam?

If you fall victim to a Netflix scam, here are some things that might happen:

  • Lost access to Netflix: If you have entered your Netflix account information on a scam site, the hackers responsible can take this information and use it to access your Netflix account and lock you out.
  • Lost access to other accounts: If you use the same login information (username and password) on multiple services, a compromised Netflix account could lead to other accounts being compromised as well. The attackers will be able to use the login information they stole to get into your other accounts.
  • Stolen money: In worst-case scenarios where you enter your banking or credit card information into a Netflix scam website, attackers could use this information to steal your money. They might do this directly by accessing your account and transferring the money to themselves, or they could use your card details to pay for products and services they use.

How do hackers determine if you have a Netflix account?

There are a few ways hackers might determine whether you have a Netflix account. They might:

  • Find your information in a database of previously leaked account information from website breaches
  • Look through your social media or other accounts to see whether you mention Netflix
  • See that you use Netflix by looking through your device in person if the hacker is someone you know

Most hackers, however, won’t even know if you have a Netflix account before they try to hack you. Most Netflix hackers will send phishing emails to lots of targets and wait to see who gives up their login information. Those who don’t have Netflix accounts won’t have anything to give up. Attackers simply rely on a few email recipients having Netflix accounts.


The most common scams targeting Netflix users

Netflix scams can come in several forms, although most use similar phishing techniques. The following are some of the most common Netflix scams.

Netflix scam email

A Netflix phishing scam might target you via email. Phishing emails try to convince you that they’re from a trusted source, get you to click a link, and prompt you to enter your information or download malware. For example, a Netflix scam email might claim to be from Netflix and try to get you to click a link to secure your account. If you click it, you’ll be taken to a scam website that collects your information.

Netflix text message scam

A Netflix scam text message might state that you need to follow a link to recover your Netflix account or prevent it from closing. This link will instead take you to the attacker’s site, where they can collect your data or use social engineering strategies to trick you into downloading malware onto your device.

Fake Netflix websites

More often than not, whether you receive it via text, email, or another method, a Netflix phishing link will lead you to a fake Netflix website (a spoofed Netflix). The hacker will hope that you believe it’s the real Netflix and enter your login information. In reality, it will be the hacker’s own website that they’ve designed to look like Netflix, and they’ll receive your login information.

Netflix billing scam

Sometimes, a Netflix scammer will try to do more than steal your login info. They’ll try to steal your bank account information, too. In these cases, the attacker might send you an email or text that appears to be from Netflix, claiming that there’s been a problem with a recent bill. They will then urge you to enter your banking information again so you can keep using the video streaming service.

Unauthorized charges

If you’ve been charged by Netflix after you previously had a subscription but canceled it, someone might have accessed your account or your device and restarted your subscription.

If you’ve never owned a Netflix account and you’re being charged, someone might have used your card to open an account. And if your bank statements show that you’re being double charged when you only pay for one Netflix subscription, a hacker could be charging something else to your card but calling it “Netflix.”

Membership expired Netflix email scam

Most Netflix scams happen over email, and one of the most common scam emails says your Netflix membership has expired. This Netflix renewal scam might then claim that you need to log in to restart your membership. It might also attempt to convince you to enter your payment information. The problem is that it will get you to do this on a fake website that transmits all the information you enter to the hacker.

Netflix survey email scam

Some Netflix users have their accounts compromised after being directed to a fake Netflix survey page that’s actually a phishing site. A phishing email directing users to this fake page will likely say that if the user fills out this survey, they could win a reward, such as a discount on their Netflix subscription.

Netflix account scam alerts

One common kind of Netflix scam involves sending you a scam alert about your Netflix account. The alert might say that your account is at risk or is compromised, and you need to log in or provide your details to secure it. The goal is to create a sense of urgency so you overlook the possibility that the email could be a scam and instead take action right away.

How to spot a Netflix scam

Because Netflix scams are usually emails that try to trick you into believing they’re sent from Netflix, the best way to spot one is to check that each email is really from Netflix. And, when in doubt, play it safe — don’t click any links, divulge any information, or download anything from an email or text message that you’re not sure about.

Here are some signs that a message isn’t legitimate and you’re dealing with a Netflix scam.

Unrecognized email address

Official Netflix emails come from an @netflix.com email address. If you receive an email that claims to be from Netflix, check the spelling of the sender’s email address carefully. Scammers will often add additional letters or make minor changes that they think might go unnoticed. For instance, they might change “Netflix” to “Nettflix.”

Note that just checking for an official email address or phone number isn’t always enough to spot every Netflix scam. More sophisticated scams might forge the email header to make it seem like it’s coming from an official address or number.

Generic greeting

As previously mentioned, most Netflix scammers don’t target specific individuals who they know have Netflix accounts. Instead, they send lots of emails to many different people in the hope that some of them will have an account and be tricked into clicking their phishing link.

Because of this, and because a scammer won’t have access to your real name from your Netflix account page, a lot of Netflix scam emails won’t use your real name. Instead, the email will use a generic greeting. If an SMS message or email purports to be from Netflix but doesn’t refer to you by name, be on your guard.

Netflix says it will “never ask for payment through a 3rd party vendor or website.” An official email from Netflix should only contain links to the official Netflix.com website. If a URL in an email or text message doesn’t begin with https://www.netflix.com/, it might be a scam.

You can usually check where a link leads just by hovering over it, but you can also right-click it and select “Copy link address” or “Copy link location.” On mobile, you can long-press the link to see the option to copy the link. Then, you can paste this link into a text editor such as Notepad or Notes and see where it’s taking you before you click it.


Asking for personal information

Netflix also says it will “never ask you to share your personal information in a text or email,” including your credit or debit card number, your bank account details, or your Netflix password. If you receive a text or email asking for any of these things, you can assume it’s a scam.

Urgent requests

Many Netflix phishing attacks try to create a sense of urgency so you overlook anything suspicious and act quickly. If you receive an email about Netflix that seems urgent, such as a request to verify your information to prevent your account from closing, don’t rush into action. Carefully check the message to see if it is legitimate.

Bad spelling and grammar

One telltale sign of a phishing email or text message is bad spelling and grammar. While even companies like Netflix aren’t impervious to spelling and grammar mistakes, it’s far less likely for an official email to contain mistakes than it is for a phishing email. If you spot misspellings or misplaced commas, consider it a red flag.

What to do if you’re targeted by a Netflix scam

If you’re targeted by a Netflix scam, the most important thing is to recognize it. And, of course, don’t click on any links or download any attachments from the scam email or text message.

If you discover that you have mistakenly entered your Netflix login information into a scam website, quickly log in to Netflix and change your password. If you’ve given away your bank account details, contact your bank immediately.

How to report phishing emails or scam texts to Netflix

Apart from keeping yourself safe, you can also keep others safe by reporting scam emails and texts pretending to be from Netflix. By reporting these suspicious emails and texts to Netflix, the company can take action and hopefully prevent other users from being scammed.

To report Netflix scam emails:

  1. Click the Forward (rightward-facing) arrow at the top right-hand side of the scam email. You might need to click the More (three dots) button to see this option.
  2. Enter [email protected] in the recipient box.
  3. Hit Send to forward the phishing email to Netflix.

To report Netflix scam texts on your iPhone:

  1. Hold your finger on the scam text message.
  2. Select More…
  3. Select the Forward (right-pointing) arrow at the bottom right-hand side of your screen.
  4. Enter [email protected] in the recipient box.
  5. Hit Send to forward the phishing SMS message to Netflix.

How to stop Netflix scam texts

While there’s no way to ensure you’ll block every scam text, you can take steps to make it less likely that you receive them. Here’s how to stop getting Netflix scam texts:

  1. Block the scam number. On iPhone, navigate to Settings > Phone > Blocked Contacts > Add New.
  2. Remove your phone number from public-facing websites. If your phone number isn’t shown on any websites, it’s less likely that scammers will find it and add it to their list of targets.
  3. Filter messages from unknown senders. On iPhone, go to Settings > Messages. Scroll down to Message Filtering and turn on Filter Unknown Senders. This will help to ensure that spam messages don’t arrive in your main text message inbox.
  4. Report the spam message. On an iPhone, if the message is from an unknown sender, you should see an option at the bottom of the message to report it by selecting Report Junk > Delete and Report Junk.
  5. Change your phone number. If all else fails, you can contact your carrier and ask to have your phone number changed. This might be necessary if you’re getting lots of scam or spam text messages, because this might be a sign that your number’s been put on one or more lists of targets for scammers.

How to stop unauthorized Netflix charges

If you notice that you’re still being charged for Netflix after canceling your Netflix account and you suspect that someone has restarted your subscription, change your password immediately. Scan your devices for malware and ensure that nobody you know has access to your account in person. Check the Netflix Manage Access and Devices page, where you can sign out of any devices you don’t recognize.

As previously noted, if you own an account but it looks like you’re being double-charged, this is a red flag. Also, if you’ve never owned a Netflix account and your bank statements show that you’re being charged for a Netflix subscription, someone could be using your card for their account. In both cases, you should report the activity to Netflix via the company’s contact page.

How to protect your Netflix account from scams

Apart from not following links or downloading attachments from spam emails and texts, there are other measures you can take to prevent your Netflix account from being compromised. Here are some steps you can take to protect your Netflix account from scams.

Add a recovery phone number

It might seem counterintuitive to attempt to receive text messages from Netflix when scam texts are the problem, but receiving official texts from Netflix can help in a worst-case scenario in which your account has been compromised. If a scammer accesses your account by entering your username and password, you should be able to restore access to your account and boot the hacker out if you’ve set up phone recovery.

To add a recovery phone number:

  1. Visit the Netflix Change Phone Number page.
  2. Confirm your identity.
  3. Add your phone number and hit Next.
  4. Confirm the phone number by entering the verification code that was texted to you.

The safest way to protect your Netflix account is to avoid clicking any links or downloading attachments in text messages or emails unless necessary, and only if you’re certain they’re from an official source. If a message from Netflix asks you to take some sort of action, it can usually be done by logging in to Netflix yourself and navigating through their pages and menus.

Use a password manager

Using a password manager can help keep your Netflix account secure because it ensures you use strong and unique passwords for your various accounts. If your Netflix password is unique, other account breaches shouldn’t compromise your Netflix account. And if your Netflix password is strong, hackers shouldn’t be able to guess it or crack it.

Keep malware off your devices

Some Netflix account hacks can be caused by malware on your device, such as a keylogger recording your Netflix username and password when you enter them and then sending this information back to an attacker. To prevent this, ensure you keep your devices free from malware by running regular malware scans. CleanMyMac X, for instance, has a Malware Removal tool that can run in the background to keep your Mac safe from malware.


It might be scary to be targeted by a Netflix scam, but rest assured that they’re quite common. And there are many things you can do to stay safe from these scams, such as using a password manager and adding a recovery phone number.

The main measure you can take is to look out for signs that an email or text message could be from a scammer. If you think a message could be a scam, don’t click any links, and don’t download any attachments from it. Instead, report it and delete it.

This is an independent publication, and it has not been authorized, sponsored, or otherwise approved by Netflix, Inc. Netflix is a trademark of Netflix, Inc.

Jacob Fox
In addition to being an academic, Jacob is a lifelong technology expert and cybersecurity writer who has helped his readers understand information security for almost five years. He has written for TechRadar, PCGamer, and other online technology publications.