Real Subscription Renewal Email vs Subscription-Renewal Phishing
How to tell a genuine SaaS or subscription billing notification from a phishing email designed to steal your payment details under a fake renewal alert.
Last reviewed: 1 June 2026
Subscription-renewal phishing emails mimic billing notifications from widely-used services — Netflix, Adobe, Amazon Prime, antivirus providers — creating urgency around a payment failure or an upcoming charge to convince recipients to update their card details on a fake page. Everyone with a subscription is a potential target.
Side-by-side comparison
| Genuine subscription renewal email | Subscription-renewal phishing email | |
|---|---|---|
| Sender domain | Email originates from the service's official domain — e.g. @netflix.com, @adobe.com — verifiable by inspecting the full email headers | Email comes from a domain that mimics the brand (e.g. netflix-billing.com, adobe-support.net) or a completely unrelated domain |
| Account-specific details | Genuine billing emails include your account name, the last four digits of the card on file, and the specific plan you subscribe to | Generic greeting ('Dear Customer', 'Dear Valued Member') with no account-specific details that would verify the sender knows who you are |
| Link destination | Any link in a genuine billing email goes to the service's primary official domain — verifiable by hovering over the link before clicking | Link goes to a domain that is not the service's primary domain; URL may be long, obfuscated, or use a URL shortener |
| Payment update method | Genuine billing issues are flagged inside your account when you log in — not exclusively via email with an external link | Entire call to action is to click a link and enter card details externally; logging into the official app shows no issue |
| Urgency framing | Renewal reminders are routine and do not threaten immediate service suspension for failing to click a link | Claims your service will be suspended within 24 hours, your account has been charged for an unexpected amount, or that a refund is pending |
Common red flags
- Email sender domain is not the service's official primary domain
- Generic salutation with no account-specific identifying information
- Link in the email goes to a domain different from the service's official website
- Urgent threat of immediate suspension or a large unexpected charge if you do not act now
- Logging into the official service directly shows no billing issue, failed payment, or notification
Verification steps
- Log in to the service directly by typing the URL — check the billing section of your account settings for any real issue
- Hover over any email link to preview the destination URL before clicking; verify it matches the official domain
- Check the full sender email address, not just the display name, for the exact domain
What not to do
- Do not click links in renewal or billing emails without first checking the sender domain and link destination
- Do not enter card details on any page reached from a billing email — log into the service directly instead
- Do not call a phone number in a billing email without verifying it on the service's official website
A safe response
If you entered card details on a page reached through a suspicious billing email, contact your bank or card provider immediately to report potential fraud and request a replacement card. Change the password on the service account if you also entered login credentials, and enable two-factor authentication.
Frequently asked questions
How can I tell if the email is really from Netflix or Adobe?
Check the full sender address — not just the display name. The domain after the @ must exactly match the service's official domain. Also log into the service directly and check your billing settings; a genuine issue will appear there too.
I received a refund offer for a subscription I do not recognise — should I claim it?
This is a common phishing technique. Do not click any refund link. Log into your bank account directly to check whether any charge from the company exists. If you do not recognise a subscription, contact your bank to investigate the charge through official channels.