The U.S. Federal Trade Commission tweeted Friday that consumers should be on the lookout for a phishing scam that appears to have been making the rounds for months, disguised as a routine email from streaming giant Netflix.
FTC Consumer Education Specialist Colleen Tressler surfaced the scam in a blog post on Wednesday with a screenshot of the message. The fake support email tells the recipient that their Netflix account is on hold and that they “may want to update your payment details” through an embedded link. While the email sports the Netflix logo, it also contains several telltale signs of a scam: It greets the recipient as “dear,” it uses the British spelling of “centre,” and it advertises a bogus phone number.
“We take the security of our members’ accounts seriously and Netflix employs numerous proactive measures to detect fraudulent activity to keep the Netflix service and our members’ accounts secure,” a spokesperson for Netflix told Gizmodo in a statement. “Unfortunately, scams are common on the internet and target popular brands such as Netflix and other companies with large customer bases to lure users into giving out personal information.”
The company did not respond to multiple requests for comment about when it became aware of the phishing scam.
Solon Police Department in Ohio shared an image of the same message distributed by the FTC on Facebook on Dec. 6, but reports of the scam appear to have been surfaced months ago by the U.K.’s Action Fraud, according to Engadget. In the screenshot shared by Ohio police, other visible red flags include fine print at the bottom of the email that says the message was sent to the recipient from a non-Netflix email account.
According to Action Fraud, clicking on the link in the email leads users to “genuine-looking Netflix phishing websites designed to steal your username and password, as well as payment details.”
Netflix states on its website that it will never request the personal information of its users over email, specifically passwords, Social Security numbers, or payment information such as credit card or bank account numbers. The company suggests using a unique password and updating it every so often to protect your account.