While criminals are finding new ways to target consumers every day, there's one type of scam that continues to work over and over again.
By creating fake emails and websites that look identical to the ones consumers are used to seeing, it's easy for scammers to trick people into thinking they're dealing with the legitimate companies they do business with.
And nothing is off limits, which means any email asking for your personal information could be a scam.
Beware of fake Netflix email requesting you to update your info
Netflix customers have been receiving emails asking them to update their membership information, including credit card number and other info. A link the email then sends users to a website that looks very similar to an official Netflix login page.
At that point, the fake site reportedly requests users to update the following information:
- The name on their credit card
- Credit card number
- Card expiration date
- 3-digit security code
- Social Security number
The link then redirects customers to the actual Netflix website.
The video streaming company said that it will never ask for personal information in an email – including payment information, Social Security number or account password.
But what makes this version of the scam so dangerous is that criminals know how much Netflix users rely on that content. So when they get an email about potentially getting locked out of their account, users are quick to update that info as soon as possible.
This is what makes this scam so successful in general -- thieves are preying on consumers by leading them to believe they could lose access to some type of service or account that they rely on and use frequently.
Bottom line: Never let your guard down, regardless of how legit an email looks. If you get a request to update personal information, go to the company's website directly -- don't click on any links sent in an email!
Another Apple-related Netflix scam to watch out for
This isn't the first Netflix phishing scam to catch users off guard.
If you receive an emailed bill for a Netflix subscription that doesn't seem quite right, then it probably isn't.
According to a report from This is Money, criminals are targeting Apple users with a Netflix related scam aimed at stealing their bank account information.
How the scam works
You get an email claiming to be from Apple with what appears to be a receipt for purchases made on your iTunes or App Store account -- and sometimes the fake receipt is for a subscription to Netflix.
When a target of the scam opens the email and realizes something isn't quite right -- and that someone must have hacked their account to pay for Netflix or whatever else is on the receipt -- they then click on the "refund" or "manage subscriptions" link in the email.
That's when things get bad.
Like other phishing scams, the links in the email don't take you to the company's official website, but instead to a scam site that looks just like the real thing.
So when you click the link, you're taken to a page that prompts you to enter your credit card details in order to get the "refund."
And you've just given criminals access to your credit card. If you entered a debit card number, you just handed over access to your entire bank account.
Here's an example from This is Money of what the scam may look like.
Variations of the scam and how to avoid it
The scam doesn't just involve fake Netflix subscriptions. The email may include fake receipts for all kinds of purchases made from your App Store or iTunes account, including songs, albums or anything else available for purchase on these platforms.
If you get an email with receipts for purchases you don't recognize, or the email prompts you to click a link to provide your information, do not click any of the links. Take a screen shot of the email for your records and then delete it.
Here's Apple's official policy and recommendations for avoiding these types of scams, as stated on its website:
"The iTunes Store will never ask you to provide personal information or sensitive account information (such as passwords or credit card numbers) via email."
Apple also says the iTunes store will never ask you to provide any of the following information via email:
- Social Security Number
- Mother's maiden name
- Full credit card number
- Credit card CCV code
Here's how Apple handles official account-related issues:
In general, all account-related activities will take place in the iTunes application directly, not through a web browser. If you are asked to update your account information, make sure that you do so only in iTunes or on a legitimate page on Apple.com, such as the online Apple Store.
So if you aren't sure whether fraudulent charges have in fact occurred on your account, or whether some other issue may need to be resolved, go directly to your iTunes account or official Apple website -- never through links in an email.
If you receive an email you think may be a scam, you can report it on Apple's iTunes Customer Support website.
More tips to avoid common email scams
Phishing is a way for criminals to carry out identity theft by using fake websites, emails and robocalls to try and steal your personal information -- including passwords, banking info, Social Security number and other sensitive data.
Here are a few ways to avoid these types of scams:
- When it comes to spotting potentially-dangerous websites, before you go to an unknown site, double-check the spelling of the web address/URL by first doing a search for it. The site could be a fake scam site, and in some cases, criminals have created fake sites by using common misspellings of popular websites.
- If you receive an email claiming to be from your bank or other company that has your personal information, don't click on any of the links. It could be a scam. Instead, log in to your account separately in a new window to check for any new notices. You can also call the company directly to ask about the information sent via email.
- Don't click on any links in an email you weren't expecting. Do a search about whatever the sender claims to want or be offering you to make sure it's legitimate. If you aren't sure, do a search for the company and then call them directly.