Netflix customers are being warned to be on their guard against a new scam that's aimed at stealing personal information.
Users of the service are receiving email notifications asking them to update their membership by clicking on a link that takes them to a fake Netflix login page.
Here, they are asked to provide their name, date of birth and address, along with their credit card details. They are then redirected to the real Netflix site, making it less likely that they'll realise they've been scammed.
"There's more to this scam than meets the eye. What makes this campaign interesting is some of the techniques it uses to avoid detection," says security expert Graham Cluley.
"For starters, all of the phishing pages were at one time hosted on legitimate - albeit compromised - web servers. Those web pages also don't display to users from certain IP addresses if its DNS resolved to companies such as Google or PhishTank."
This means that even filters designed to weed out such phishing scams are unlikely to catch this particular one, since the services that would flag the pages are never shown them.
Netflix customers have become a particular target of scammers: recently, many people received fake invoices encouraging them, again, to hand over their credit card details.
Last summer, other users received emails telling them that their account had been suspended and that they needed to download support software - in fact, remote login software that allowed the attackers to take over victims' computers.
How to avoid email phishing scams
You might think that you're wise to the tricks used by phishers - but the chances are, you're not. Late last year, researchers at Carnegie Mellon University gave people a detailed lesson on how to spot scams, and then presented them with 38 emails, half genuine, half not.
And even when the readers examined these in detail in the light of their new knowledge, they got it wrong half of the time.
In fact, says researcher Casey Canfield, the only way to stay safe is to be a bit paranoid.
"Some users were able to identify a vast majority of the phishing emails, but only because they were biased to think everything was a phishing attack," she says.