Over the last few weeks, I have received emails that looked legitimate but instead were attempting to steal my information. For the unsuspecting person, these emails may seem like they were real and simply asking to update billing information. When looking into the emails further there were a few signs that something was not right. If you receive an email like this, here are some steps you can take to verify that it is actually real or a scam.
The first email I had received came from Netflix. The subject read “Update Your Payment Method” and it was informing me that the company was struggling to authorize my credit card for payment. It told me to verify my payment method at netflix.com/YourAccountPayment and if the payment did not go through, I should contact my credit card company. The email had the Netflix logo, the web address seemed legitimate since it did say netflix.com, and it came from a seemingly Netflix email address. Looking at the email further, it revealed everything is not as it seems and this email was not from Netflix at all.
The first step to ask, why am I receiving this email? I personally do not have a Netflix account so why would I be receiving an email address from Netflix asking me to update my billing details; answer: I wouldn’t. But if I did, the next step is to verify the email is to check the sender. On the iPhone, you can tap Details and then tap the From name or in iCloud, you can tap More and then tap the From name. This will open a contact card where you can add the person or business to your contacts, and it will display the email address of the sender. This one came from firstname.lastname@example.org, which is not a true Netflix email. If I receive any correspondence from Netflix, I would expect it to come from an @netflix.com email address. The next step is to look for spelling errors and this email is littered with them. Any email sent will be spell checked again and again before any company will send an email to their members since the email is a reflection of them. This email had an error in the subject with a space between the last letter and punctuation, “authorizing” was misspelled, and “Credit” was capitalized in credit card, to name a few. The phone number to call Netflix also started with a 0, but all numbers in the United States start with a 1. An company doing business in the United States, like Netflix, would know to write 1-800, not 0800 for the beginning of the phone number.
If this information was not noticed and you did click on the link, there are a few more clues that this is a fraudulent email. The website in the email appears to be netflix.com/YourAccountPayment, but the link attached does not go to netflix.com. It instead goes to a dummy site that is set up to look identical to the Netflix website. Looking at the search bar in Safari, the address is written as cp33.deluxehosting.com. If it was a true Netflix website, it would say netflix.com. The dummy site asks for my username and password, as Netflix would, but clicking on any link other than “Sign In” brings you back to the same page. Even clicking on “Sign In” without entering any information advances you to the next screen, where the site asks for my billing address and phone number. Again, without entering any information, “Update Billing Address” takes me to the next section. This is the interesting part since “Netflix” is apparently asking for my Social Security Number and a “3D Password” in addition to my credit card information. Netflix does not know my SSN and there is no reason for them to know this. Scammers, however, can do a lot with a SSN. Skipping through this section brings me to screen with a check mark that says “Your account Has Been Updated” and it automatically forwards me to the real Netflix.com.
I also have received other fraudulent emails from iTunes that displayed similar errors and also asked for my social security number. If you receive an email asking for updated billing information, make sure you were expecting it and that all the clues point to it being a real email. If you are in doubt, call the company that sent it by googling their phone number (not taking it from the email) and asking them if the email is theirs. This is the best way and, in most cases, you can proceed with updating your billing information over the phone. Scammers can easily copy and paste logos, recreate websites, and use wording that makes you feel pressured to act, but the spelling errors, broken links, and true website addresses are red flags that something is not right.