If you receive an email from Netflix informing you that your credit card no longer works, be very careful how you respond.
Mailguard, an Australian cyber-security firm, is warning that fraudsters are using "brandjacking" emails in hopes of capturing consumers' credit card information.
Brandjacking is an increasingly common tactic used in phishing scams. The email is designed to look like it's coming from a well-known institution. It might be a major bank or a utility company.
In this case, the bogus email appears to come from Netflix -- a video streaming service with millions of subscribers worldwide -- and at first glance the email appears to be the real thing.
In bold letters at the top, the email informs the recipient that payment for Netflix services has been declined and that credit card information must be updated.
There is a button to click to update credit card information. But the link takes you to the scammer's website where you are asked to enter credit card information, which will then be sold on the Dark Web.
This scam is dangerous because so many people who are receiving this email are Netflix customers. Their first response may be to click the button and provide the requested information.
But there is a safer course of action. Should you receive one of these emails, type the Netflix URL into your browser and log into your account. After you’re signed in, click on your personal icon in the upper right corner of the page, then click on "account." Then click on "update payment info."
If there is a legitimate problem with your credit card, you'll see a message there informing you of that fact. If you're still not sure, you can re-enter your credit card information or enter the information for a different credit card.
A closer look at the email, however, might save you the trouble. If the email mentions that your American Express card was declined, but Netflix uses your Visa, then the email is an obvious fake.
Also note the spelling of certain words. Emails sent to customers in the U.S. should refer to the "Help Center," not the "Help Centre."
Phishing scams can take different forms. Besides directing a potential victim to a phony website, they can also contain attachments that can unleash malware, including ransomware.
The Federal Trade Commission (FTC) offers these tips to stay safe.