Don't click links in email....
I'm just going to say the obvious: DONT CLICK LINKS IN EMAILS.
This scam fails utterly if the user goes to the Netflix site and logs into their own account. It only succeeds if someone has clicked on a link sent through email.
Just the other day, Google sent me a notification with a G**D*** link in it, and I sent them back a "WTF is this?" message. The average user CANNOT differentiate between a real/fake, and should just about NEVER click a link unless someone has specifically said to them: "I'm sending you a link". And that is what we ought to be teaching the average joe.