Skip to main content

Possible attack via Netflix; what action should I take, if any? [Resolved]

Late last night I received a "password reset" email from info@mailer.netflix.com.

It looked legit, but I had not requested a password reset. I checked my account's "recent account access" but saw nothing unusual there.

I did not click through and did not reset my password via any other channel. I just left it.

Early this morning I received another email, approx 3 hours after the first

Subject line: - Netflix - Unlock your account -

Email Info:

    from:   Secured Customer 
reply-to:   "info@gov.co.uk" 

Email contents:

- Encrypted attachment –

This message contains 1 encrypted attachment.

This message can only be opened by .

PDF password : 2121

Attached is one file named "Netflix - Unlock -.pdf" which is 112K long.

Is there anything I should be doing about this, apart from ignoring it? (Either for myself, or as a socially responsible "netizen")


Question Credit: Stewart
Question Reference
Asked July 24, 2019
Posted Under: Security
56 views
2 Answers

Late last night I received a "password reset" email from info@mailer.netflix.com.

According to this netflix emails should come from here info@mailer.netflix.com.Please check the SPF and DKIM/DMAC.If it passes then this is official netflix mail.

BUT

from: Secured Customer reply-to:
"info@gov.co.uk" Attached is one file named "Netflix - Unlock -.pdf" which is 112K long.

This email right here is the sketchy one. This MIGHT be a malware.My guess is they used the netflix password reset on your email and when the email went through then try to phish you with a malware.But again i could be wrong BUT it would be best not open that PDF file

Is there anything I should be doing about this, apart from ignoring it? (Either for myself, or as a socially responsible "netizen")

  1. Mark the email as spam so that the system can mark other such emails as spam.
  2. Upload the pdf to virus total if you can.

I wont comment on legal.I have no knowledge of it


credit: Vipul Nair
Answered July 24, 2019

First, this is not an attack via Netflix, is an attack spoofing the email sender. It could be anything: Apple, NASA, whatever. Spoofing an email sender is as easy as writing any name and address on an paper envelope and sending it.

The PDF file is protected so some antivirus software and automated scanners will not be able to detect malware on it.

What you do? Ignore it.

Someone will probably tell you to send it to Netflix, but they have nothing to do with it, and cannot help but tell you this email is not from them.


credit: ThoriumBR
Answered July 24, 2019
Your Answer