Be careful if you receive this because it is a trick to steal your account!
The trap is simple. Known as ‘smishing‘, the sending of fraudulent messages is a practice that attempts to impersonate a company or institution – frequently with texts that pressure users to take action – with the purpose of obtaining the credentials or personal data of the victims:
”The payment method might not have enough money(…)Your Netflix subscription has been suspended. Please sign in to update your information using the link below.” This is the message that hundreds of users have received on their mobile phones after Netflix announced the end of shared accounts. The notice may seem true since it coincides with the moment in which the streaming platform has asked its users to establish a main location, but it really is a scam.
In this case, the purpose of the ‘smishing’ campaign is for the user to click on a link that is attached to the sent text and that gives access to an interface that mimics the Netflix website.
The deception can go beyond stealing company credentials. By clicking on the ‘Next’ button, a form will begin that asks to insert the billing information (name, surname, address, telephone number, postal code, and date of birth). Subsequently, it will request to enter the bank details through another form.
After entering the requested data, the user is informed that a code will arrive at the telephone number provided. Whatever code is entered in the box—true or not—you will receive a message showing that the account has been verified.
What do I do if I have been a victim of the scam?
Netflix remembers that it will never ask its customers to provide personal information through an email or text message. Likewise, it will not request payment through a third-party website. For those who have clicked on the link and entered the credentials, the first step is to “check if you still have access to your Netflix account”. If so, immediately change the password. If you use such a password on other online accounts, it is advised that you change it as well.
If you are subscribed to the streaming platform and you have received an SMS indicating that the payment has been erroneous, you have clicked on the link where you were redirected, supposedly to Netflix, and you have entered your access credentials (username and password), surely you have been a victim of this scam. If that is your case, it is recommended that you contact the Netflix provider. Likewise, the company asks to send them the fraudulent SMS in question.
Finally, if you entered your credit card information, the advice is to “immediately contact your bank or the emergency telephone number of the company issuing your credit card to proceed to block or cancel charges made recently or future movements”, guarantees the OSI (reference model for network protocols).
–
Andrea Esteban
