Netflix and phish? Scammers target movie streamers

With over 1 billion streaming service subscribers, scammers are in no shortage of potential victims.

With movie theaters closed for most of 2020 and a large chunk of 2021, online streaming services took hold. The number of global subscribers grew by 26% to reach 1.1 billion.

From a threat actors' point of view, that means there are over a billion potential targets. A recent analysis by Kaspersky shows that scammers impersonate Netflix to trick movie streamers into giving away financial data.

Netflix Phishin 1
Fake Netflix sign-up page.

Even though there's plenty of ways to pay for a streaming service, most choose to pay with their bank card, a lucrative target for malign actors looking to grab some cash.

For example, criminals try to phish out your payment information by setting up a fake sign-up page for a streaming service. That's particularly dangerous since a thoroughly made mockup will ask a victim to provide everything from email address to credit card details.

Users with valid subscriptions are targeted, too. Scammers phish for victims with fake emails instructing them to 'update payment details' or else the 'membership will be terminated.'

Netflix Phishing 2
An email impersonating Netflix.

Following the email leads to a 'payment confirmation page' that requires an unsuspecting victim to enter personal and payment details.

Interestingly, researchers at Kaspersky noticed that the imitation page lacks the usual telltale signs of fake, such as grammar mistakes and obvious design flaws.

Giving away so much data might lead to severe financial loss and identity theft. It's advised never to rush any payments. It's better to lose a subscription if the email was legitimate than to lose funds in the bank account if it was not.

Netflix Phishin 3
Fake Netflix website prompts to enter banking data.

Interestingly, some criminals will even try to steal your Netlfix account credentials. A hijacked account with a paid subscription is far from worthless since scammers can sell them on the dark web.

Depending on the Netflix plan, up to four users can stream simultaneously. This means that victims might not even know they're paying for somebody else to watch Netflix.

How to protect yourself against phishing

  • Use unique and complex passwords for all of your online accounts. Password managers help you generate strong passwords and notify you when you reuse old passwords.
  • Use multi-factor authentication (MFA) where possible.
  • Beware of any messages sent to you, even from your Facebook contacts. Phishing attacks will usually employ some type of social engineering to lure you into clicking malicious links or downloading infected files.
  • Watch out for any suspicious activity on your Facebook or other online accounts.

More from CyberNews

Rogue nations and criminals are aggressively exploiting cryptocurrencies - FBI veteran

Here’s how brands can protect themselves from ad-tech fraud

Tax cuts could help to curb cybercrime - interview

This CFO gets on cybercriminals' nerves by discovering vulnerabilities in ransomware payloads

Ransomware economics: if you decide to pay, here's how to negotiate a discount

Subscribe to our newsletter