In brief: With more people signing up to streaming services, cybercriminals are taking advantage of the less tech-savvy by using classic phishing techniques, tricking users into handing over their login credentials and payment information.

Cybersecurity giant Kaspersky reports on the increasingly popular practice of using streaming services such as Netflix, Disney Plus, and Amazon Prime as phishing bait. The scams use fake sign-up and landing pages that can be pretty convincing at first glance but usually have tell-tale signs of something not being quite right; take a look at the one below as an example.

One of the most common emails is the fake Netflix ‘Update your payment’ warning that states a user’s account is on hold until their payment details have been confirmed. Again, some might believe it looks convincing, but the real Netflix is unlikely to start an email with “Dear costumer.” Clicking on the red button directs to a fake personal details page, one that has no spelling errors, but typing in your credit card numbers is a sure way of receiving a nasty surprise.

Another method is to target non-subscribers with the prospect of watching new, unaired episodes of shows that scammers have pieced together from different clips—The Mandalorian, in this case. They are then asked to sign up for a low-cost subscription to continue watching.

While having your credit card/bank details stolen is a worst-case scenario, criminals are also after users’ streaming service login credentials. These can be sold on the dark web, and as several devices can stream content simultaneously using one account, victims could end up having to wait until a stranger signs out before they’re able to watch their favorite show. There’s also the risk associated with recycling the same passwords across multiple sites and services, something that many people still do.