A new Netflix phishing campaign is targeting users, and it seems to be gaining momentum. Scammers are impersonating Netflix, sending out fake job offers designed to direct users to fake sites where their Facebook credentials are stolen in real time. Dive into this report to learn why they want your Facebook account and how to spot this scam from a mile away.
Did you get a job offer from Netflix? The sender is likely after your password
On August 14, Malwarebytes reported that scammers are going after job seekers, luring them with legitimate-looking job offer emails. While the scam itself isn’t sophisticated, Malwarebytes researchers claim that the threat actors are skilled in cyber breaches, as they can intercept passwords in real time.
This new Netflix scam (not the first of its kind and likely not the last) starts out with an email. The victim, seeking to schedule an interview, is then redirected to a fake site that impersonates Netflix’s HR hub. Eventually, the victim is asked to enter their Facebook credentials.
And here is where things get interesting. “The phishers use a websocket method that allows them to intercept submissions live as they are entered,” Malwarebytes explained.
This means that when the victim is on this fake Facebook login site, the attackers can see the password and username the victim is typing into the browser page in real time.
This allows them to try out the credentials on the real Facebook site and see if they work. If the passwords don’t work, the attackers simply send the victim a “wrong password” message. According to Malwarebytes, the attackers could also potentially ask victims for their MFA codes.
All this trouble for a Facebook password?
This phishing scam/cyberattack is rather elaborate. The threat actors behind the campaign must have dedicated long hours, if not days, to designing, coding, and setting up the campaign.
So, why go through all this trouble just to steal a Facebook password? Why not go after user data?
Facebook accounts are extremely valuable to cybercriminals and scammers because, through these accounts, threat actors can create massive ad campaigns and run them until the stolen account is flagged by Facebook itself. This usually takes a long time.
So, basically, these scammers aren’t actually after the victim’s data (though they will take that, too). Instead, they are after Facebook accounts to run scams, phishing email campaigns, and fake ads by abusing Meta’s ads platforms, potentially reaching millions of people.
“We often see phishing campaigns like these that are explicitly designed to steal the credentials of marketing managers, social media staff, and especially those who have access to company Facebook Pages or business accounts,” Malwarebytes said.
We often see phishing campaigns like these that are explicitly designed to steal the credentials of marketing managers, social media staff, and especially those who have access to company Facebook Pages or business accounts.
Malwarebytes
Facebook accounts are also leveraged by cybercriminals and scammers for other campaigns, such as Facebook Messenger phishing, demanding ransom to return the account to the owner, identity theft, and other account takeover crimes currently on the rise, according to New York authorities in 2025.
There is no official report on how many Facebook accounts are taken over every year or the impact these takeovers have on the global cybersecurity landscape.
The Netflix fake job offer rabbit hole goes deeper
We decided to take a closer look at the email that Malwarebytes found, and we quickly discovered that this is far from being an isolated case. In fact, we found several users reporting and warning about this Netflix fake job offer scam over the past month.
For example, on Reddit, we found users posting about being contacted by fake Netflix job email phishing scammers. While the emails varied slightly from those shared by Malwarebytes, we believe all these emails are connected to the same campaign and threat actor.
Users have reported Netflix scams originating from email addresses that end with:
- @netflixworkplaceefficiencyhub.com
- @netflixworkmotivation
- @netflixtalentnurture.com
Keep an eye out for any emails ending with these words, and do not reply to them.
You should also stay away from the fake Netflix HR hub site, identified by Malwarebytes as:
- hiring.growwithusnetflix[.]com
We checked out indicators of compromises for this campaign and found that they no longer existed. WHOIS data on these fake impersonation sites appeared blank, as if the sites never existed.
This is a clear signal that whoever is behind this bulk Facebook account takeover cleared their tracks after Malwarebytes sounded the alarm and is well-experienced in running these crimes.
Other active Netflix scams and suspicious sites to stay away from
Besides this Netflix fake job offer scam, we also found a network of suspicious and shady sites linked to other Netflix scams. In these scams, victims are contacted with fake jobs offering cash or rewards for watching Netflix shows. These get-paid-to-watch-Netflix scams direct users to different sites.
Among the sites we checked, which included Netflix review scam sites and sites that appeared suspicious, some of those that are still active include:
- Flixreview[.]com (shady mobile QR request)
- captcha[.]club (the same shady mobile QR request)
- boujeestacks[.]com/tiktok/
- Levelbucks[.]com (suspicious reward card featuring Amazon, PayPal, and other brand gift cards)
- unlockrwrd[.]com
Some of these sites offer a QR code (which we suggest you never scan) or are designed as rather complex reward hub sites, as is the case with Level Bucks.
Needless to say, if you do land on any of these sites, do not scan QR codes from the browser with your phone, and do not engage with shady, suspicious rewards sites that “pay for tasks” like watching Netflix shows.
We believe there are at least several dozen Netflix scam sites online, because it took us only a couple of hours to find a few.
How to report phishing Netflix scams
Netflix has a process to report scams and phishing emails. The company asks that users not give away information to scammers. Netflix also recommends that users not click on any links in suspicious messages or reply to them.
“Don’t click any of the links or open any of the attachments,” they add.
If you get a suspicious Netflix message, simply forward the email to [email protected] and delete the message. If your email is rejected by Netflix when you forward it, it means they have already received a copy of that message.
If you get suspicious emails or SMS on your iPhone or iPad:
- Tap and hold the message that you want to forward.
- Tap More… and select the Forward arrow.
- Enter [email protected].
- Tap Send.
- Delete the message.
Final thoughts
Netflix scams will continue to thrive as long as the platform remains popular. Scammers and cybercriminals impersonate Netflix because users have a high degree of trust in the service and company.
To stay safe, use your common sense. Whether it’s a Netflix job offer from out of the blue, a chance to “get paid to watch TV shows,” or other types of offers sent through email, SMS, or social media message, keep your guard up. Think twice before clicking on anything. And if you have a Facebook account, we suggest that you enhance your security and enable multi-factor authentication.
This is an independent publication, and it has not been authorized, sponsored, or otherwise approved by Meta Platforms, Inc. Facebook is a trademark of Meta Platforms, Inc. Netflix is a trademark of Netflix, Inc.
