It seems that criminals are using Gmail or Yahoo to send a message pretending to be from Netflix to gain access to a bank account. Cybercriminals are back with a new sophisticated scam aimed at tricking Netflix users into disclosing important information such as login credentials, addresses, and credit card information. This ad was discovered recently and stands out for its high degree of persuasion, which flawlessly mimics the appearance and format of the streaming platform’s official emails.
Experts recommend deleting these suspicious emails, as criminals are using Gmail and Yahoo to access bank accounts
The scam begins with an email that appears in the victims’ inbox with the subject line ‘Let’s modify your payment details’. In the message, the victim is notified that there was a billing issue and that their account has been temporarily suspended until payment information is changed. Inside the email, there is a red button labeled ‘UPDATE YOUR GMAIL ACCOUNT NOW’. When the user clicks, they are taken to a web page that appears to be authentic, with the Netflix logo, corporate colors, and links to the company’s help area. Once on the bogus site, the user is prompted to enter their Netflix email address and password.
They are then prompted to enter their home address and payment information, saying that these are required to renew the service. If the victim provides these details, the scammers will get access to their account and banking information. While the bogus email and website are quite convincing, there are warning indications that can help spot fraud, such as:
- From address: Netflix will never send emails from questionable or generic domain names. It is critical to ensure that the email originates from an official source.
- Mistakes in wording:Â Frequently, fake emails contain grammatical faults or poorly organized sentences.
- Suspicious URL: Before clicking on a link, mouse over it to see if the address matches that of Netflix.
- Requests for sensitive data: Netflix will never request financial information or credentials over email or text message.
What should people do if they receive a suspicious Gmail or Yahoo email
If a user enters their information on the bogus page, you must act quickly:
- Change your Netflix password immediately to ensure it is secure and unique.
- Check the bank account status for any unusual activity.
- Contact the bank to report any potential financial data breaches and, if required, block the card.
This is what people should do so they won’t lose their Gmail account
Google has confirmed an update to Gmail but is warning its 3 billion users. Take care. Because this is how you maintain your email address. You risk losing access to your account and all of your content if you disregard our advice. You have a short window of time to get your Gmail account back if you lose it. There are no guarantees, however, and the damage that can be done in the interim is enormous. Google is understandably annoyed. The recent Gmail user attack is drawing attention to a more significant warning, despite only affecting a small percentage of users.
As innumerable stories explore how a phony email was delivered in a way that made it look as though it came from Google itself, the risk is that the advice will be lost in the din. Millions of people checking their Google emails that are automatically sent to them is an unpleasant sight. First, the fundamentals. No, you won’t be inundated with phony emails from no-reply@google.com or any other verified Google email address. These are unusual, targeted strikes, which explains why they first produce so many headlines. However, even if Google claims that its defenses now block 99% of these, you will still be inundated with harmful phishing correspondence. Additionally, you must modify your account settings to make sure you add a passkey and stop using SMS two-factor authentication.
More importantly, these sophisticated attacks on Gmail users purporting to be from Google are all based on two false premises: that Google support can contact you by email, phone, or message; and that if you ever receive an email or message regarding an account issue, Google can ask for any of your account credentials-including your password, one-time passwords, [or] confirmation of push notifications. The same is true if the company sends links to pages where you enter your credentials – it will not. Google has reiterated its warning to readers that it won’t call to reset passwords or troubleshoot account issues after a recent attack. However, the complexities of OAuth and DKIM checks to authenticate senders, including Google, may overpower this simple suggestion due to the complexity of these checks.
