ACMA issues warning about Netflix scam SMS
If you get a SMS warning that your Netflix Australia account is about to be shut down, ignore it.
Online scams are nothing new, but there’s clearly something in the water that’s leading the Internet’s shysters directly towards Australia at the moment. The latest target of the scam merchants are customers of popular Internet TV streaming service Netflix Australia, with a targeted SMS message apparently trying to get you to "update" your Netflix credentials.
If the use of quotation marks didn’t clue you in, it’s a scam that the ACMA has identified (via its Facebook page) as doing the rounds at the moment. The SMS leads you to a link that looks identical to a Netflix login page, even offering the opportunity to log in via Facebook.
Whatever you do, if you get the SMS, ignore it. If you’re at all concerned, open up a fresh browser window on your device of choice (or the Netflix app itself, depending on your environment) and log in from there. If Netflix has anything genuine to say to you, it will let you know then and there.
In the case of Netflix it’s unlikely that a scammer would be directly able to access your financial records from just a login, but it would give them access to a variety of your personal information that could be used for identity theft, or if you’re lax about password security, access to other services.
A brief reminder: It’s a very bad idea to use the same password across multiple sites for this exact reason.
Australians appear to increasingly be specifically targeted by this kind of fraudulent behaviour, with an illicit email purportedly coming from "Telstra" also being identified this week.
What should I do if I’m concerned by an SMS message?
Scam like this work because they make you panic. When human beings panic, they don’t always think before they act, and they’re designed to take advantage of this fact. As noted, if you are worried by an SMS sent from Netflix -- or for that matter any other online institution you deal with -- your best bet is to remain calm and contact them via some other means, be it phone, email or web site login. Don’t follow any prompts in an SMS or email, but instead open up a fresh browser instance and make sure you log in directly from the proper URL to check any legitimate communications from there.