This attack doesn't make sense.
This attack doesn't make sense.
Surely you would need to know the other account's password to log on.
I just set up a netflix account to test and even clicking on the link in the mail takes me to an authentication page.
Also, even if you do enter your details into the wrong account - the best the attacker will be able to find out is the truncated number of your card which won't be very useful (I know it is not nothing but it is really not worthwhile jumping through multiple hoops to get one part of one person's card).
I wasn't able to test whether:
1. You are already authenticated to Netflix on your own account;
2. Email arrives and you click the link which takes you to a different Netflix account without needing to authenticate.
3. You are now logged into the new account.
I doubt this would work but if it did then the issue would be on Netflix's side and not Google's and it would be serious enough that they should fix it.
Otherwise - move along - you are not being phished. You are safe. There is no way your card details are going to a third party (through this method). Rather look out for real phishing emails.
Biting the hand that feeds IT
