Netflix and YouTube users warned about massive rise in data scams

Adam Smith
AFP via Getty

Hackers have increased their attacks against streaming companies, as research has shown that the number of phishing URLs which include Netflix, HBO, YouTube, and Twitch has risen dramatically.

Phishing is an attempt to steal sensitive information such as usernames, passwords, credit card numbers, bank account details and other personal data.

Research from cybersecurity company Webroot showed that Netflix phishing attempts were 60 percent higher in July 2020 than in July 2019, and 646 percent higher for March to July, the duration of the lockdown period.

Phishing URLs that contained the word YouTube also saw a dramatic increase, with a 3,064 percent increase since February. Twitch and HBO also saw significant rises, with a 337 percent increase and 525 percent increase, respectively, since February.

Streaming services have seen their usage increase during the coronavirus pandemic and subsequent lockdown. Research from Ofcom has found that people watched Netflix, Amazon Prime Video, Disney+ and other services for one hour and 11 minutes per day, twice as much as they did before the pandemic.

Moreover, 12 million customers were new to the apps, and three million of them had never used any streaming service before.

As such, these companies have seen their subscriber numbers rise and their stock prices have subsequently increased too.

There are numerous forms these phishing attacks can take. These include:

  • Deceptive phishing - using a fake link to steal a user’s login details.

  • Spear phishing attacks - using a fake email address which appears genuine to convince victims to send over personal information.

  • Advanced-fee scam - commonly known as the “Nigerian prince” email, a wealthy figure will ask for a small sum with the promise the sender will be rewarded with a larger sum at a later date.

  • Account deactivation scam - victims are told, purportedly by a member of a bank or similar organisation, that an account will be deactivated imminently if personal information is not handed over.

The best protection against the effects of these attacks is avoiding them in the first place. The government advises checking for spelling and grammar errors, as well as off-brand images or lacklustre standards. This can be especially notable considering the number of scams that use the imagery of high-profile organisations.

It also recommends checking whether the email addresses the reader by their name or by a general term such as “friend” or “valued customer”, and watching for emails which include any threats or urge the reader to act promptly.

However, even that will be less effective against more sophisticated hackers.

“Phishing tactics evolve and shift with the news agenda. In the past we’ve seen fake stories about Conor McGregor and Elon Musk driving click-through to malicious Twitter links, and now we’re seeing a huge rise in tactics related to Netflix. The fact that the streaming service has grown in popularity over the same lockdown time frame is not a coincidence,” said Kelvin Murray, a Senior Threat Researcher at Webroot, in a statement.

“To defend against these kinds of attacks, individuals should undertake security awareness training and remain vigilant in scrutinising the types of emails they receive. This should also be underpinned by cybersecurity technology such as email filtering, anti-virus protection, and strong password policies.”
