Skip to main content

Watch out for this Netflix 'payment declined' phishing email scam

The message looks legitimate, and tries to trick users into giving up credit card info,

The Essentials

1. For the second time in recent months, Netflix's 110 million subscribers are being targeted by scammers with a very real-looking fake email.

2. First spotted by MailGuard, the email uses the Netflix logo and colors and uses the subject "payment declined." The body of the message explains Netflix couldn't authorize a card on file, and includes a link to update your card info.

3. That link brings you to a webpage that again uses the streaming service's branding (but is not a legit Netflix page), where there are fields to enter your email and card info.

What Else You Should Know

This is a clear attempt at a phishing email by using what MailGuard calls "brandjacking."

That's when an attacker sends a fraudulent email, but makes it look like it comes from a legitimate source – hoping you'll click over to a spoofed website and offer up private info, not realizing it's a scam.

A screengrab of another phishing email tweeted out is very thorough, saying it's an automatic email sent "during routine security checks" and including "Netflix Support Team" as the signature.

That information can be sold on the black market, used in identity theft, or leveraged to gain access to further accounts.


These are the 100 worst passwords of 2017 – do you use any of them?

So how do you spot a spoof email?

Check the sender's address. Looks for inconsistencies in your actual information and what the spoof email is saying. Scan for typos or formatting issues. Hover your cursor over links in emails to see where it sends you – or copy the link address and paste it into a document.

And never enter your payment information anywhere after following a link from an email, Netflix says.

The absolute safest thing you can do though is just go directly to the site in your browser. So in this case, go to, log in, and check your payment information.

If you do come across a possible phishing email, forward it to, the service asks.

And if you had a brain fart and gave up your info, change your Netflix password ASAP, change the password on all other accounts that you use the same password for, and call your bank/card company to let them know.

Next Up

Boebert-Omar - Flickr Gage Skidmore

Rep. Boebert refuses to apologize for Islamophobic comment toward Rep. Omar

A phone call Monday between the two lawmakers ended abruptly.

Patrick Peterson

Vikings place Patrick Peterson on COVID-19/reserve list

The Vikings cornerback said he was vaccinated in August.

flickr - thin ice warning - USFWS Midwest

'Numerous' reports of eager anglers falling through ice

Conditions are still unpredictable, and can vary even across a single body of water.


Minnesota health officials watching closely for omicron variant

Health leaders do not yet know how transmissible or severe the new variant is.

school bus stop pixabay

School bus driver charged in fatal hit-and-run will plead guilty

Another motorist told the driver to call 911, but he instead got on the bus and drove off, charges say.

Franconia Sculpture Park - Lorie Shaull - Flickr

5 outdoor destinations to explore around the Twin Cities

There's something for everyone on this list of overlooked spots.

Child mental health counseling

As pandemic continues, so do efforts to improve child mental health access

Children's Minnesota has announced it will open its first inpatient mental health facility for under 18s.

Dalvin Cook

Report: Dalvin Cook suffered torn labrum, dislocated shoulder

Cook is now dealing with a dislocated shoulder and a torn labrum on both sides of his body, according to a report.

Tanner Morgan

Tanner Morgan returning to Gophers for 6th season

One Gophers QB has already entered the transfer portal.

Allina Health Richfield - 407 W 66th St, Richfield, Minnesota - June 2019 - CROP

Charges: Clinic locked down after man tried to enter, threatened passersby

Staff at the clinic suspected he was intoxicated, according to the complaint.

covid, vaccine

Minnesota's COVID-19 update for Monday, November 29

The state's latest report includes data from the Thanksgiving break.

unsplash - woman sick coughing - CROP

Long COVID: Review of Mayo patients may provide new clues

The researchers summarized three "major novel findings" from the data.


Netflix remembers every time you pause a show (and a lot of other info)

It sees you when you're binging. It knows when you hit pause.

Chipotle's payment systems were hacked – see if the one you go to was hit

Malware got into the register and card payment systems and scraped up info.

5 things you should take away from the Explore Minnesota Facebook page hack

What you should (and shouldn't) do to keep your accounts safe.

Watch the new Iron Fist trailer from Netflix's Marvel universe

The Iron Fist is the fourth piece of The Defenders – sort of a mini Avengers.

Facebook Messenger just made stalking your friends easier

Let your friends stare at you walking around in real-time for an hour.

Do you know when Uber is tracking your location?

We know apps collect data about us. But how much, and how is it being used?

Forever 21 says it was probably hit by a data breach

If you bought something there with a card, this might affect you.