There's a new Netflix scam doing the rounds, this time targeting users of Google's Gmail email service.

It exploits a quirk within Gmail that doesn't differentiate between Gmail addresses that have dots and those that don't. In other words, it reads as the same as

The problem is, other sites – like Netflix – do differentiate between dotted addresses and those without. The scam sends an email telling you to update your payment details. This is what happened to a developer called James Fisher.

He clicked the link, and only realised something was wrong when he noticed the card registered to his account wasn't his. It turned out the email was sent to, when his legitimate email address is Because Gmail doesn't differentiate, the email reached his inbox.

Because you don't need to verify the email address linked to your Netflix account when you sign up, there's a simple way for scammers to get your card details. All they need to do is find a Gmail address that's already registered with Netflix, create a Netflix account using that address but with some dots added in, sign up for a free trial and then cancel the credit card they used to register.

Netflix would then email the Gmail account user to request their payment details. Seeing their account was on hold, the account owner would probably update their card details, unwittingly providing them to the scammers.
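One way a service could close the gap described above, as an added example (not code from the article, Netflix or Google): key each account on the mailbox that actually receives the mail, so a dotted Gmail variant of an already registered address is flagged at signup. `mailbox_key` and `AccountRegistry` are hypothetical names, the addresses are constructed samples, and treating googlemail.com as Gmail's alias domain goes slightly beyond what the article covers.

```python
# Domains whose mailboxes ignore dots in the local part (the Gmail behaviour
# the article describes; googlemail.com is Gmail's alias domain).
DOT_INSENSITIVE_DOMAINS = {"gmail.com", "googlemail.com"}


def mailbox_key(address: str) -> str:
    """Return a key identifying the inbox that will actually receive the mail."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    # Assumption: addresses are compared case-insensitively.
    local, domain = local.lower(), domain.lower()
    if domain in DOT_INSENSITIVE_DOMAINS:
        local = local.replace(".", "")  # dots do not change the Gmail inbox
        domain = "gmail.com"
    return f"{local}@{domain}"


class AccountRegistry:
    """Hypothetical account store keyed by receiving mailbox, not raw string."""

    def __init__(self):
        self._by_mailbox = {}  # mailbox_key -> address as first registered

    def register(self, address: str) -> str:
        """Register an address; return 'created', 'duplicate' or 'variant'."""
        key = mailbox_key(address)
        existing = self._by_mailbox.get(key)
        if existing is None:
            self._by_mailbox[key] = address.strip()
            return "created"
        if existing.lower() == address.strip().lower():
            return "duplicate"
        # Same inbox, different spelling: hold the signup for verification
        # instead of sending billing mail to an unverified address.
        return "variant"


if __name__ == "__main__":
    registry = AccountRegistry()
    # Constructed sample addresses, not taken from the article.
    for addr in ("example.user@gmail.com", "exampleuser@gmail.com",
                 "e.x.ample.user@googlemail.com", "example.user@example.com",
                 "exampleuser@example.com"):
        print(f"{addr:32} -> {registry.register(addr)}")
```

Only the two Gmail domains are collapsed; on other domains dotted and undotted addresses remain separate accounts, because there they can be different inboxes.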

The man who spotted the flaw says Google should flag up emails sent to variant email addresses with a warning. "The Gmail team should combat this kind of phishing," he wrote. "They should officially acknowledge that dots-don't-matter is a misfeature."

Google hasn't yet commented on the issue.

Netflix said it was working on countering the scam.

"We are aware of this Gmail-specific feature and are actively working on measures to protect against it being used in a malicious way toward Netflix and our members," a spokesperson told TrustedReviews. "Netflix members who want to learn more about how to keep their personal information safe against scams and other malicious activity can go to and should contact Customer Service immediately if they notice anything that is out of the ordinary with their account."

Source: James H Fisher, via The Register and TrustedReviews
