Watch out - that Netflix offer might be a phishing scam

Cybercriminals are capitalizing on the popularity of streaming services

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Asstreaming serviceshave become the go-to way to watch content online, cybercriminals have begun capitalizing on their popularity by tricking unsuspecting users into signing up for fake services or giving up the credentials to their legitimate accounts.

According to anew reportfrom the cybersecurity firmKaspersky, phishing scams impersonating Netflix, Disney Plus and other popular streaming services are increasingly being used to coax users into giving up their credit card details and other payment information. These scams involve creating fakelanding pagesfor streaming services and getting users to login using their existing credentials to harvest them or having them create an entirely new account. See anything off about the image at the top of this article for instance?

Another way in which scammers are targeting streaming service users is by threatening to block access to their existing subscriptions. One recent example found by Kaspersky appeared as an email saying a user’s account was on hold and asked them to update their payment method with a big, red button with the text: “UPDATE YOUR ACCOUNT NOW”. However, this example was easy to spot as aphishing attemptsince customer was spelled as “costumer” and the email was signed “Your friends at Netflix”.

Cybercriminals have also started using popular shows to attract fans that don’t have subscriptions by offering them the opportunity to watch a show on a fake website. For instance, Kaspersky found an unofficial page that invites fans to watch or downloadThe Mandalorian. This page also showed a short clip cut from trailers to make it look like a new, previously unaired episode. If a user falls for this scam, they are then asked to sign up for a low-cost subscription to continue watching while unknowingly handing over their payment details and email address to scammers.

Hijacked streaming accounts

In addition to stealing credit card details, cybercriminals are also interested in obtaining streaming service account credentials which they then sell on theDark Web.

Since Netflix, Hulu and most other streaming services allow multiple people to watch content from the same account, a user could log on to find that their credentials have been sold to others and they’ll need to wait for them to finish watching before they can do so themselves.

Aspassword reuseacross multiple online accounts continues to be a problem, cybercriminals could get access to your credentials for one site and then login to your other accounts. This is why it’s highly recommended that use apassword generatorto create strong, unique passwords for all of your accounts and manypassword managersalso have this feature built-in.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

To avoid falling victim to streaming service scams online, Kaspersky recommends that users avoid clicking on links in emails and go to the official website instead, pay attention to phishing red flags such as misspelled words, use different passwords for all of their online accounts and as always, keep in mind that if something seems too good to be true, like a long lost episode of Disney’s The Mandalorian, then it probably is.

Also check out our roundup of thebest identity theft protectionand our list of thebest malware removal software

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics

This new phishing strategy utilizes GitHub comments to distribute malware

Smeg Combi Steam Oven review: a multi-functional countertop oven that looks stunning and cooks well