By: Alex Thomas Salder, clarkhoward.com
If you’ve received an emailed bill for a Netflix subscription that doesn’t seem quite right, then it probably isn’t.
According to a report from This is Money, criminals are targeting Apple users with a Netflix-related scam aimed at stealing their bank account information.
How the scam works
You get an email claiming to be from Apple with what appears to be a receipt for purchases made on your iTunes or App Store account — and sometimes the fake receipt is for a subscription to Netflix.
When a target of the scam opens the email and realizes something isn’t quite right — and that someone must have hacked their account to pay for Netflix or whatever else is on the receipt — they then click on the “refund” or “manage subscriptions” link in the email.
That’s when things get bad.
Like other phishing scams, the links in the email don’t take you to the company’s official website, but instead to a scam site that looks just like the real thing.
So when you click the link, you’re taken to a page that prompts you to enter your credit card details in order to get the “refund.”
And you’ve just given criminals access to your credit card. If you entered a debit card number, you just handed over access to your entire bank account.
Here’s an example from This is Money of what the scam may look like.
Variations of the scam and how to avoid it
The scam doesn’t just involve fake Netflix subscriptions. The email may include fake receipts for all kinds of purchases made from your App Store or iTunes account, including songs, albums or anything else available for purchase on these platforms.
If you get an email with receipts for purchases you don’t recognize, or the email prompts you to click a link to provide your information, do not click any of the links. Take a screenshot of the email for your records and then delete it.
Here’s Apple’s official policy and recommendations for avoiding these types of scams, as stated on its website:
“The iTunes Store will never ask you to provide personal information or sensitive account information (such as passwords or credit card numbers) via email.”
Apple also says the iTunes Store will never ask you to provide any of the following information via email:
- Social Security Number
- Mother’s maiden name
- Full credit card number
- Credit card CCV code
Here’s how Apple handles official account-related issues:
In general, all account-related activities will take place in the iTunes application directly, not through a web browser. If you are asked to update your account information, make sure that you do so only in iTunes or on a legitimate page on Apple.com, such as the online Apple Store.
So if you aren’t sure whether fraudulent charges have in fact occurred on your account, or whether some other issue may need to be resolved, go directly to your iTunes account or the official Apple website — never through links in an email.
If you receive an email you think may be a scam, you can report it on Apple’s iTunes Customer Support website.
More tips to avoid common email scams
Phishing is a way for criminals to carry out identity theft by using fake websites, emails and robocalls to try to steal your personal information — including passwords, banking info, Social Security number and other sensitive data.
Here are a few ways to avoid these types of scams:
- To spot potentially dangerous websites, double-check the spelling of the web address/URL before you go to an unknown site by first doing a search for it. The site could be a fake scam site, and in some cases, criminals have created fake sites by using common misspellings of popular websites.
- If you receive an email claiming to be from your bank or another company that has your personal information, don’t click on any of the links. It could be a scam. Instead, log in to your account separately in a new window to check for any new notices. You can also call the company directly to ask about the information sent via email.
- Don’t click on any links in an email you weren’t expecting. Do a search about whatever the sender claims to want or be offering you to make sure it’s legitimate. If you aren’t sure, do a search for the company and then call them directly.