In a nutshell: Streaming services have experienced a surge in new members since the lockdowns began, and criminals are taking advantage of it. A cybersecurity firm has found that more than 700 fake websites imitating Netflix and Disney+ signup pages have been created to steal people’s personal data.
Mimecast identified around 700 suspicious websites mimicking Netflix that appeared between April 6 and April 13. The world’s most popular streaming service has predicted it will add seven million new customers in Q1, though the actual figure could be even higher. The uptick in new members means Netflix is now worth $192 billion, more than Disney.
The security firm also discovered four fake Disney+ signup websites during the same period. The service only launched five months ago and arrived in much of Europe just a few weeks ago, but it has still managed to attract 50 million subscribers.
While these websites can resemble the real versions at first glance, closer inspection usually reveals poor designs, suspicious URLs, and spelling and grammar errors. But some users don’t notice these tell-tale signs and end up handing over their names, passwords, and credit card details.
“We have seen a dramatic rise in suspicious domains impersonating a variety of streaming giants for nefarious purposes,” said Carl Wearn, cybercrime lead at Mimecast. “These spoof websites often lure unsuspecting members of the public in with an offer of free subscriptions to steal valuable data.”
Not only could criminals behind the spoofed websites drain victims' bank accounts and abuse their credit cards, they could also use the credentials to access other online services—many people recycle the same login names and passwords across multiple sites.
Image credit: Ivan Marc via Shutterstock