With people sheltering in place during the pandemic emergency, many are both teleworking and finding their entertainment online. Google searches for Netflix have jumped 142% since the advice to stay home became serious. Criminals, as usual, take note of trends in the wider world that can work to their advantage, and, according to the Express, that’s happening now. A Netflix-themed phishing campaign is in progress against those who are keeping their social distance at home.
The most prominent campaigns use fake sites that appear to be Netflix sign-up pages but were in fact established simply to steal from those who think they’re registering for the service. The cyber security firm BrandShield told the Express that 639 fraudulent domains that use the word “Netflix” have been registered. Of those, 236 were established during March alone. And 41% of these bogus domains have a mail server, which indicates that they’ve probably been sending phishing emails to prospective victims.
Yoav Keren, BrandShield’s CEO, told the Express, “As the world goes into lockdown, cybercriminals are capitalising on people spending more and more time online. Consumers of streaming websites are increasingly at risk of successful phishing attacks. We have seen an explosion in domain names featuring ‘Netflix’ as criminals are looking to catch consumers out and extract financial or personal records.”
One of the scams was recently carried out with WhatsApp messages that assumed a public-spirited tone, offering to help people weather the pandemic with free passes to entertainment offered by Netflix. “Due to the COVID-19 pandemic, we are giving away totally free access to our platform for the period of isolation, until the virus is contained.” All you had to do to claim your “free pass” was fill out an online questionnaire (naturally it asked for personal information) and then forward the offer to ten friends. It’s all, of course, an imposture. There is no free pass.
It’s worth noting that this particular scam is an instance of the old chain letter scheme. That’s a racket that’s particularly well-adapted to online communication. You may well be suspicious of an offer of a free pass that comes out of the blue from an account that looks vaguely legitimate but still might smell fishy. But if an email comes from a friend, you just might be inclined to look twice and maybe even take them up on the offer.
The pandemic is a stressful time, and people who are normally savvy about not being taken in may find themselves with their guard down, just a bit. Some acquaintance with the history of fraud can help. With scammers, everything that’s old has a way of becoming new again, and that’s why new-school security awareness training can prepare your employees to defend themselves against even old-school social engineering.
The Express has the story: https://www.express.co.uk/life-style/science-technology/1270323/Netflix-Warning-New-Scam-Hack-UK.