If you have received a message from Netflix claiming that you have open bills, be extra careful when the message contains a link.

The reason is that cybercriminals have crafted domains that look like they belong to Netflix but in reality do not.

The domains fastupdatebillingnetflix[.]com and secureupgradebillingnetflix[.]com are just some of the domains found trying to lure unaware Netflix subscribers into a phishing environment.

These phishing environments have been set up so that the cybercriminal can obtain the victim's financial credentials or Netflix credentials.

There is a massive market for stolen accounts, and Netflix accounts are certainly being sold there. You do not want your account to end up on the darknet or in the hands of criminals.

Malicious Netflix domains

We have listed the malicious Netflix domains so that you can use them in your security solutions or in your own research.


Keywords in malicious Netflix domains

The provided examples clearly show that specific keywords are used to lure victims into believing that they are dealing with Netflix.

In this case, the following keywords were used:

  • fast
  • update
  • billing
  • secure
  • upgrade
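
The keyword pattern above can be turned into a simple check for mail-gateway or DNS logs. The following is an added example, not part of the original article: it flags any hostname that carries the brand name outside an allow-list and reports which of the listed keywords appear. The allow-list entry `netflix.com`, the function names and all sample hosts other than the two domains quoted in the article are assumptions of this example.

```python
import re

# Keywords come from the article; BRAND and LEGIT_DOMAINS are assumptions of this example.
KEYWORDS = ("fast", "update", "billing", "secure", "upgrade")
BRAND = "netflix"
LEGIT_DOMAINS = {"netflix.com"}  # assumed allow-list of the brand's own domain

# The first two indicators are from the article; the rest are constructed test inputs.
SAMPLE = [
    "fastupdatebillingnetflix[.]com",
    "secureupgradebillingnetflix[.]com",
    "netflix-billing-update.example",   # constructed: hyphenated variant
    "netflix.com.account.example",      # constructed: brand domain used as a subdomain label
    "www.netflix.com",                  # legitimate host, must not be flagged
    "billing.example",                  # constructed: keyword without the brand
]


def refang(indicator: str) -> str:
    """Turn a defanged indicator (name[.]tld) back into a lowercase hostname."""
    return indicator.strip().lower().replace("[.]", ".").rstrip(".")


def is_legit(host: str) -> bool:
    """True if host is an allow-listed domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)


def classify(indicator: str) -> dict:
    """Flag hosts that carry the brand outside the allow-list and report lure keywords."""
    host = refang(indicator)
    # Drop the TLD, then remove dots and hyphens so split-up words still match.
    flat = re.sub(r"[^a-z0-9]", "", host.rsplit(".", 1)[0])
    remainder = flat.replace(BRAND, " ")
    return {
        "host": host,
        "suspicious": BRAND in flat and not is_legit(host),
        "keywords": [k for k in KEYWORDS if k in remainder],
    }


def scan(indicators):
    """Return only the classifications that should raise an alert."""
    return [r for r in map(classify, indicators) if r["suspicious"]]


if __name__ == "__main__":
    for result in scan(SAMPLE):
        print(result["host"], result["keywords"])
```

The brand match is what raises the alert; the keyword hits are context for triage, since a keyword on its own (as in `billing.example`) says nothing about Netflix.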