Overview
- Spain’s Guardia Civil and INCIBE-OSI issued an active alert after detecting a coordinated campaign that impersonates Netflix to steal banking details.
- Messages claim a payment problem and prompt a “new payment method,” then lead through a simple math step to a fake Netflix login and a form that captures full card data.
- Authorities flag telltales including the subject line “NETFLIX – Actualiza tu cuenta para volver a ver,” non-Netflix sender domains, mismatched URLs, and manufactured urgency.
- Some victims report receiving the fraud via SMS, with posts on X noting texts that mirror the email scheme.
- OSI considers users who entered data affected and advises contacting the bank to block cards, reviewing charges, preserving evidence, filing a complaint, forwarding the message to its incident mailbox, deleting it, blocking the sender, changing reused passwords, enabling two-factor authentication, and navigating to Netflix by typing the official address.