As streaming services (opens in new tab) have become the go-to way to watch content online, cybercriminals have begun capitalizing on their popularity by tricking unsuspecting users into signing up for fake services or giving up the credentials to their legitimate accounts.
According to a new report (opens in new tab) from the cybersecurity firm Kaspersky (opens in new tab), phishing scams impersonating Netflix, Disney Plus and other popular streaming services are increasingly being used to coax users into giving up their credit card details and other payment information. These scams involve creating fake landing pages (opens in new tab) for streaming services and getting users to login using their existing credentials to harvest them or having them create an entirely new account. See anything off about the image at the top of this article for instance?
Another way in which scammers are targeting streaming service users is by threatening to block access to their existing subscriptions. One recent example found by Kaspersky appeared as an email saying a user's account was on hold and asked them to update their payment method with a big, red button with the text: “UPDATE YOUR ACCOUNT NOW”. However, this example was easy to spot as a phishing attempt (opens in new tab) since customer was spelled as “costumer” and the email was signed “Your friends at Netflix”.
Cybercriminals have also started using popular shows to attract fans that don't have subscriptions by offering them the opportunity to watch a show on a fake website. For instance, Kaspersky found an unofficial page that invites fans to watch or download The Mandalorian (opens in new tab). This page also showed a short clip cut from trailers to make it look like a new, previously unaired episode. If a user falls for this scam, they are then asked to sign up for a low-cost subscription to continue watching while unknowingly handing over their payment details and email address to scammers.
Hijacked streaming accounts
In addition to stealing credit card details, cybercriminals are also interested in obtaining streaming service account credentials which they then sell on the Dark Web (opens in new tab).
Since Netflix, Hulu and most other streaming services allow multiple people to watch content from the same account, a user could log on to find that their credentials have been sold to others and they'll need to wait for them to finish watching before they can do so themselves.
As password reuse (opens in new tab) across multiple online accounts continues to be a problem, cybercriminals could get access to your credentials for one site and then login to your other accounts. This is why it's highly recommended that use a password generator (opens in new tab) to create strong, unique passwords for all of your accounts and many password managers (opens in new tab) also have this feature built-in.
To avoid falling victim to streaming service scams online, Kaspersky recommends that users avoid clicking on links in emails and go to the official website instead, pay attention to phishing red flags such as misspelled words, use different passwords for all of their online accounts and as always, keep in mind that if something seems too good to be true, like a long lost episode of Disney's The Mandalorian, then it probably is.
Also check out our roundup of the best identity theft protection (opens in new tab) and our list of the best malware removal software (opens in new tab)