The emails themselves contain some glaring typos and grammatical issues, including repeated misspellings of “invoice” as “invoce,” and the phrase “you local bank being held a transaction.”
The phishing site itself is more convincing, however. The scammers took the time to obtain a valid HTTPS certificate, and they’ve hosted the site on a subdomain with a very long URL consisting of random characters. As a result, the primary domain is pushed out of sight in the browser bar, so the user doesn’t realize they aren’t on netflix.com. The login page looks perfectly legitimate, as does the page to enter payment card details.
The scammers made another mistake, however, by including an intermediate page that asks users how they want to pay their bill in order to “resrtart” their membership. This page offers a number of options, including one to purchase gift cards. The option to buy gift cards is inexplicably written in French, unlike the rest of the page.
While these warning signs seem easy to spot when you know it’s a scam, they might not be so apparent if you aren’t looking for them. New-school security awareness training can teach your employees to constantly be on the lookout for red flags. Naked Security has the story: https://nakedsecurity.sophos.com/2019/11/29/netflix-account-freeze-dont-click-its-a-scam/