Netflix and phish? Scammers target movie streamers

Last updated: 14 March 2022
Netflix Enter

With over 1 billion streaming service subscribers, scammers are in no shortage of potential victims.

With movie theaters closed for most of 2020 and a large chunk of 2021, online streaming services took hold. The number of global subscribers grew by 26% to reach 1.1 billion.

From a threat actors' point of view, that means there are over a billion potential targets. A recent analysis by Kaspersky shows that scammers impersonate Netflix to trick movie streamers into giving away financial data.

Netflix Phishin 1
Fake Netflix sign-up page.
ADVERTISEMENT

Even though there's plenty of ways to pay for a streaming service, most choose to pay with their bank card, a lucrative target for malign actors looking to grab some cash.

For example, criminals try to phish out your payment information by setting up a fake sign-up page for a streaming service. That's particularly dangerous since a thoroughly made mockup will ask a victim to provide everything from email address to credit card details.

Users with valid subscriptions are targeted, too. Scammers phish for victims with fake emails instructing them to 'update payment details' or else the 'membership will be terminated.'

Netflix Phishing 2
An email impersonating Netflix.

Following the email leads to a 'payment confirmation page' that requires an unsuspecting victim to enter personal and payment details.

Interestingly, researchers at Kaspersky noticed that the imitation page lacks the usual telltale signs of fake, such as grammar mistakes and obvious design flaws.

Giving away so much data might lead to severe financial loss and identity theft. It's advised never to rush any payments. It's better to lose a subscription if the email was legitimate than to lose funds in the bank account if it was not.

Netflix Phishin 3
Fake Netflix website prompts to enter banking data.
ADVERTISEMENT

Interestingly, some criminals will even try to steal your Netlfix account credentials. A hijacked account with a paid subscription is far from worthless since scammers can sell them on the dark web.

Depending on the Netflix plan, up to four users can stream simultaneously. This means that victims might not even know they're paying for somebody else to watch Netflix.

How to protect yourself against phishing

  • Use unique and complex passwords for all of your online accounts. Password managers help you generate strong passwords and notify you when you reuse old passwords.
  • Use multi-factor authentication (MFA) where possible.
  • Beware of any messages sent to you, even from your Facebook contacts. Phishing attacks will usually employ some type of social engineering to lure you into clicking malicious links or downloading infected files.
  • Watch out for any suspicious activity on your Facebook or other online accounts.

More from CyberNews

Rogue nations and criminals are aggressively exploiting cryptocurrencies - FBI veteran

Here’s how brands can protect themselves from ad-tech fraud

Tax cuts could help to curb cybercrime - interview

This CFO gets on cybercriminals' nerves by discovering vulnerabilities in ransomware payloads

Ransomware economics: if you decide to pay, here's how to negotiate a discount

ADVERTISEMENT

Subscribe to our newsletter

Share
Post
Share
Share
Share
More from Cybernews
“They’re still sulking about the EU switching to USB C:” users react to Apple’s next iPhone plans
Rooting Android invites hackers: up to 3,000 times more vulnerable
Phishing campaign shifts focus to Macs after browsers enhance security on Windows
Links to the “free” TradingView version hide crypto-stealing malware on Reddit
Jensen Huang’s quantum pivot: when tech leaders admit they’re wrong
Meta AI rolling out in Europe in the coming weeks
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked