Some former Netflix subscribers who cancelled their accounts are reporting that they are still being charged for their subscriptions.  The problem arises when scammers using the username and passwords of the former Netflix subscribers to log into the canceled accounts and reactivate them.  The problem is magnified because Netflix stores its customers’ data including their method of payment for ten months after someone cancels their account.  This means that if a scammer is able to obtain the subscriber’s username and password, he or she is able to use the account and have the bill paid by the original subscriber’s credit card.  Usernames and passwords are often obtained through hacking the targeted individual, often through spear phishing emails or text messages that lure the victim into providing his or her username and password.  In many other circumstances, the usernames and passwords are purchased on the Dark Web, that part of the Internet where criminals buy and sell goods and services.  The usernames and passwords are generally obtained through a data breach and then sold on the Dark Web.  The situation is worsened when people use the same username and password for all of their accounts such that if one account of theirs is compromised in a data breach, all of their accounts become vulnerable.

TIPS

Avoiding spear phishing emails and text messages by never clicking on links unless you have absolutely confirmed that the communication is legitimate is important for all of us at all times.  These spear phishing emails will attempt to lure us into clicking on links that contain a wide variety of malware including keystroke logging malware that enables the criminal to search your phone, computer or tablet for personal information such as your passwords.

You should have a unique, strong password for each of your online accounts so that in the event that there is a data breach and the password for one of your accounts becomes compromised, all of your accounts will not become vulnerable to being hacked.  Creating and remembering strong, unique passwords for each of your accounts is not as difficult as it may appear.  You can start with a strong base password constructed from a phrase, such as IDon’tLikePasswords. Add a few symbols like !!! and then adapt it for each account you have so that you will have a secure and easy to remember password for each of your online accounts.   Thus, your Amazon password could be IDon’tLikePasswords!!!AMA.

Whenever possible use dual factor authentication for your accounts so that when you attempt to log in, a one-time code will be sent to your cell phone to insert in order to get access to your account.  For convenience sake you can set up dual factor authentication so that it is only required if you are logging in from a different computer or device than you normally use.

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”