“Streaming services offer a variety of payment plans, but generally, they all involve paying with a credit card,” Grustniy said. “And where there are card details, there is phishing.” Read on to learn more about the campaign and what you can do to protect yourself.
Details of the Phishing Campaign
Existing subscribers are targeted with an email that asks them to update their billing information. These phishing emails contain the following:
- “We’re having some trouble with your current billing information.”
- “We’ll try again, but in the meantime, you may want to update your payment details.”
- A link to “Update Your Account Now,” which takes you to a malicious confirmation page.
- It is addressed to “costumers” instead of “consumers.”
- The sign-off “Your friends at Netflix.”
Campaign Targets Payment Information
Kaspersky researchers also discovered a tactic involving fake offers to stream popular shows, such as The Mandalorian. Here, the victims watch a trailer of the show. In order to continue the stream, they must pay a fee. Any payment information that they provide goes straight to the scammers.
Apart from payment data, the stolen streaming credentials are also valuable. Scammers sell these credentials in underground markets. “After all, depending on your Netflix plan, you can stream on (up to four) devices simultaneously, and cybercriminals can sell your login credentials to any number of streamers,” Grustniy said. “That means you might find yourself having to wait in line until some stranger decides to sign out.” Furthermore, stolen information such as passwords can be used in future attacks.
Kaspersky has advised users to exercise caution and to refrain from clicking on emails that seem to be from streaming services. Additionally, they urge users to watch out for obvious signs of phishing. These include incorrect spellings when asked for payment information.