The issue has gotten so bad, in fact, that government agencies like the FTC are taking action to warn consumers about the dangers they face every day in their inboxes. Tap or click here to see what the FTC wants you to keep an eye out for. But out of all the websites being used for phishing schemes, the unexpected leader happens to be none other than Netflix. It appears to have become one of the top targets for hackers and cybercriminals, which are using email scams to steal account logins and passwords. Here’s why this is happening, as well as what you can do to secure your account.

Netflix becomes a top target for phishing scams

Your Netflix account is a lot more valuable these days than ever before. Thanks to the pandemic raging across the world, people are tuning into streaming services for escape and relaxation — but not everyone can afford to pay or access these networks in their countries. As a result, hackers are turning their sights on American Netflix accounts, which can easily be sold to users on Dark Web marketplaces for low-effort profit. According to reports from cybersecurity firm Webroot, the volume of Netflix phishing attacks has skyrocketed in recent months, with a 60% increase in recorded attacks compared to July of last year. But if you look at the entire lockdown period encompassing March through July of 2020, the numbers get even more startling. Phishing URLs targeting Netflix users jumped up 646% compared to the same range of time in 2019. But Netflix isn’t the only one. YouTube hacks have also spiked by nearly 3,064%! It’s become a top candidate for enterprising hackers due to monetization, which allows accounts with lots of followers to earn revenue from ads. Tap or click here to see how much money stolen YouTube accounts can fetch on the Dark Web. But it’s not just an increase in the number of attacks that researchers are seeing. Based on emails submitted to researchers, it appears that the scams themselves are actually getting better. They’re employing more accurate spelling and grammar than previous versions, and graphic contents are matching far better to official Netflix correspondence. At this point in time, if you get a Netflix email in your inbox, you might want to keep your skepticism up out of an abundance of caution. Unless you’re purposely resetting your password (or doing something else that would prompt Netflix to email you), it’s probably a scam.

What’s the easiest way to spot these scams to protect myself?

Almost all phishing emails have one significant weakness: They can’t hide the email source very well. Due to how email works, you’ll always see the domain name of the sender if you peek in the sender field of a message. Even if the domain seems normal, always look at the very end where the @ is located. If it’s not from Netflix.com, it’s a scam. In this copy of a Netflix scam obtained by Tech.co, you can see the sender domain isn’t coming from Netflix. Instead, it’s from some other garbled domain that was likely bought for the express purpose of stealing your data. And when it comes to the emails themselves, you can usually poke holes through them — no matter how realistic they look — if you keep a few things in mind.

Pay attention to whether or not the email addresses you generically (Dear Netflix customer) or personally (with your name).Avoid clicking any links in the messages whatsoever.Never engage with the emails if you’re not familiar with the sender. Never download any email attachments unless you’re 100% sure of what they are, why they were sent and who sent them. Netflix also probably won’t send you any attachments ever, so you can be extra skeptical if a Netflix email contains one.If an email asks you for personal information or login credentials, simply ignore it. Netflix states that it never asks for this information. 

Scammers may be trying their hardest, but as long as education and security research exists, they’ll have to step up their game. Thankfully, with phishing scams, having a sharp eye is all it takes to stay protected. Tap or click here to see another ultra-realistic-looking email scam.