Subscription Billing Update Phishing

Scammers send emails or texts that look like they’re from a subscription or streaming service, saying your payment failed or your card expired. They warn your account will be paused soon unless you “update billing.” The link or button takes you to a fake website that copies the real brand’s look to steal your login, credit card, and personal details. Common examples include messages pretending to be from Netflix, Amazon Prime, Hulu, Disney+, Spotify, or Apple. Red flags include urgent deadlines (24–48 hours), generic greetings, small spelling mistakes, and links that don’t lead to the company’s official website.

I encountered this scam Learn common red flags
Primary example

How this scam works

  1. 1

    Step 1: You receive an email or text claiming your subscription payment was declined or your card needs to be updated.

  2. 2

    Step 2: The message creates urgency (e.g., 'service will be suspended in 24 hours') and provides a big 'Update payment' or 'Verify account' button.

  3. 3

    Step 3: The link opens a look‑alike site that copies the brand’s login page and then asks for full card details and personal info.

  4. 4

    Step 4: Some scams also ask for a one‑time security code sent to your phone or email, saying it’s needed to 'verify your account.'

  5. 5

    Step 5: With this information, scammers try to charge your card, take over your account, or reuse your password elsewhere.

✓ Do this

  • Go to the service by typing the address yourself or using the official app to check billing and alerts.
  • Check the sender carefully: emails from real companies come from their official domain (for example, @netflix.com), and links should match the real website.
  • If unsure, contact the company using the number or help page on their official site—not the message you received.
  • If you clicked or shared info, change your password on the real site, contact your bank/card, and turn on two-step verification.

✗ Avoid this

  • Don’t click payment or billing links in unexpected emails or texts.
  • Don’t share one‑time security codes, full card numbers, or personal details with anyone who contacts you first.
  • Don’t call phone numbers or reply to the message—scammers often control those.
  • Don’t reuse the same password across multiple services.

Quick tip: Verify independently

Don’t call numbers or click links in unexpected messages. Go directly to the company’s official site or app and contact support from there.

See common red flags