Netflix Scams Target People Sheltering in Place

With people sheltering in place during the pandemic emergency, they’re both teleworking and finding their entertainment online. Google searches for Netflix have jumped 142% since the advice to stay home became serious. Criminals, as usual, take note of trends in the wider world that can work to their advantage, and, according to the Express, that’s happening now. A Netflix-themed phishing campaign is in progress against those who are keeping their social distance at home.

The most prominent campaigns use fake sites that appear to be Netflix sign-up pages, but that in fact were established simply to steal from those who think they’re registering for the service. The cyber security firm BrandShield told the Express that 639 fraudulent domains that use the word “Netflix” have been registered. 236 of those were established during March alone. 41% of these bogus domains have a mail server, and that indicates that they’ve probably been sending phishing emails to prospective victims.

Yoav Keren, BrandShield’s CEO, told the Express, “As the world goes into lockdown, cybercriminals are capitalising on people spending more and more time online. Consumers of streaming websites are increasingly at risk of successful phishing attacks. We have seen an explosion in domain names featuring ‘Netflix’ as criminals are looking to catch consumers out and extract financial or personal records.”

One of the scams was recently carried out with WhatsApp messages that assumed a public-spirited tone, offering to help people weather the pandemic with free passes to entertainment offered by Netflix. "Due to the COVID-19 pandemic, we are giving away totally free access to our platform for the period of isolation, until the virus is contained." All you had to do to claim your “free pass” was fill out an online questionnaire--naturally it asked for personal information--and then forward the offer to ten friends. It’s all, of course, an imposture. There is no free pass.

It’s worth noting that this particular scam is an instance of the old chain letter scheme. That’s a racket that’s particularly well-adapted to online communication. You may well be suspicious of an offer of a free pass that comes out of the blue from an account that looks vaguely legitimate but still might smell fishy. But if an email comes from a friend, you just might be inclined to look twice and maybe even take them up on the offer.

The pandemic is a stressful time, and people who are normally savvy about not being taken in may find themselves with their guard down, just a bit. Some acquaintance with the history of fraud can help. With scammers, everything that’s old has a way of becoming new again, and that’s why new-school security awareness training can prepare your employees to defend themselves against even old-school social engineering.

The Express has the story:
