Why would someone open a Netflix account using my Gmail address?
I think it's likely that someone is trying to trick you into paying for Netflix for them. From: https://jameshfisher.com/2018/04/07/the-dots-do-matter-how-to-scam-a-gmail-user/:
More generally, the phishing scam here is:
- Hammer the Netflix signup form until you find a
gmail.comaddress which is “already registered”. Let’s say you find the victim
- Create a Netflix account with address
- Sign up for free trial with a throwaway card number.
- After Netflix applies the “active card check”, cancel the card.
- Wait for Netflix to bill the cancelled card. Then Netflix emails
james.hfisherasking for a valid card.
- Hope Jim reads the email to
james.hfisher, assumes it’s for his Netflix account backed by
jameshfisher, then enters his card
- Change the email for the Netflix account to
[email protected], kicking Jim’s access to this account.
- Use Netflix free forever with Jim’s card
(Note that the above steps don't include any "password reset" step for Jim to access the account; that's because the email from Netflix includes authenticated links that won't ask for it. The attacker wants the victim to click on the email links instead of visiting Netflix manually, this is what enables "Eve" to log back in to the account in step 7. Or, since Netflix emails authenticated links, possibly "Eve" already has one.)
The above situation is partially caused by Netflix (understandably) not recognizing Gmail's "dots don't matter" feature where email sent to
[email protected] and to
[email protected] end up in the same account. That doesn't really matter in your case (given that if this is how you're trying to be scammed, step 1 was skipped entirely), however.
A bigger problem is that Netflix apparently still allows people to register email addresses to accounts without verification.
The most probable situation is that someone used an arbitrary Gmail address (yours) in order to sign up for a free trial, or mistakenly tried to change their email to the wrong address (maybe to have a friend/family also get emails).
This would not be a "hack" or even a phishing attempt, just using any available address. This does mean that your Gmail address could not be used for a free trial at Netflix, so there is that negative impact to you.
As a side note, by logging into someone else's account, you have violated many country's "unauthorised access" laws. I would not make a habit of doing this (or telling others on public sites that you have".
- Because of the "dots don't matter" gmail policy, this is not likely to be someone else's bona fide Netfix account, unless a typo has occurred in the name other than dot placement.
- Even so, you should not hijack this account, it is not yours. So no changing the email address to another domain.
- The scam depends upon you having a Netflix account, and using your gmail address for logon.
- They are unlikely to have harvested your gmail account from Netfix, nor one that is "dot agnostically similar" (!), but again, typos.
- Just send a good example to Netflix, and create a rule to bucket future emails.
I don't even use my gmail address for Google.