It's usually fairly simple to tell when someone is trying to scam you via email. But a few scammers have gotten really good at it and can fool even the most attentive of us. For example, this "Netflix" scam is an easy trap to fall into.
Here's what happened. When I checked my emails this morning, I had a very realistic-looking email from "Netflix" saying that my monthly "subscription payment failed."
Fortunately, there was a handy sign-in link right there in the email... and I almost hit it. But then, the smarter version of me kicked in, and I thought: "I should really just go directly to netflix.com, without clicking the sign-in link."
That was a wise move. Turns out my last subscription fee was paid in August (no problem) and wasn't even scheduled to pay again until 12 days from now. Clearly, a scam. But just to be sure, I went back to the email and discovered that it wasn't from Netflix. So yeah, I dodged a bullet.
Why would a scammer want me to sign in? Well, there's the obvious. If they can get my payment details, they can use my credit card info for whatever nefarious transactions they may have in mind.
But there's another reason, one I'd never thought of before: they are stealing log-in credentials to sell on the dark web. This is apparently big business. So many of us have Netflix accounts that allow multiple users -- ours has four streams at one time, and we rarely use even two. So if the scammers get your credentials, they can sell them and you might be none the wiser. I read somewhere (and I can't find it again, sorry) that the person who buys the stolen credentials will be told NOT to set a profile or save any shows to favorites. Because if they do that, the person who actually owns the account will realize something is up. In other words, someone could be using your Netflix account right now -- and you would have no idea.
Here's the good news: You can beat the scammers at their own game. Netflix is getting into the habit of sending emails to let people know that another device has logged in. If you don't recognize that device, chances are the login isn't legit. (Although check with your child off at college, right?) You can also log out all devices and then reset your password.
From the Atlantic.com:
In the settings page, click the option to sign out all devices: This will kick out any unwanted users on the account. After the purge, change your password, and share it only with authorized users—and then go back to binging on reality TV without worry.
By the way, log-in credentials are being sold on the dark web for Hulu, HBO, whatever you can think of really. At Hulu, you can check to see what devices are logged in. If you don't recognize one, log it out and then change the password. For any other devices, just check your settings.