Bad actors are taking advantage of global stay-at-home and sheltering guidelines to steal data via fake Netflix and Disney+ signup pages. That’s according to recent reports citing cybersecurity firm Mimecast. The firm reports that there have been as many as 700 scam websites found. That’s between April 6 and April 12 alone.
The overwhelming majority of the sites appear to be mimicking Netflix, with just four of the fake websites imitating Disney+. But each of the sites takes the same tact with regard to potential theft of victims’ personal information. Namely, the sites seek to tempt individuals with offers of free subscriptions or trial periods. That’s complete with forms for users to fill out.
At least a small subset of the sites is reported to be extremely convincing. Moreover, the details requested aren’t out of the question. But those details aren’t being sent to either Netflix or Disney. They aren’t netting those who sign up with an associated streaming account either. Instead, the sites’ designers have one goal in mind — to steal data from the forms.
Some of the data that’s reportedly been stolen includes information ranging from emails, names, and other personal data. Since it isn’t uncommon for companies to require credit card details for free trials, that’s been reported among the details taken as well.
Some of the counterfeit sites can look extremely convincing, selling subscriptions or free accounts to harvest personal and credit card data, although most are poorly designed and have language errors that mark them out as suspicious.
Why are Netflix and Disney+ being targeted?
Netflix and Disney+ represent fairly obvious targets for bad actors amid global lockdown procedures. The former company is already the largest streaming content service available. Its popularity is bolstered by an extensive lineup and frequent updates to self-branded content. The company boasts more than 160 million subscribers worldwide and its market value was boosted to around $192-billion with the outbreak of COVID-19.
Disney+ is arguably the fastest-growing streaming platform. At the start of the abovementioned global health crisis, the company’s subscribership doubled to land at over 50-million global users. That’s between February and April. More users are signing up all the time.
Protect yourself from fake signup pages
Now, the current target of these scams is potential Netflix and Disney+ users but that won’t necessarily remain the case going forward. With no end in sight for global guidelines pertaining to sheltering, bad actors will likely look to scam more users via other services. That includes those seeking entertainment or services outside of streaming video as well as additional video streaming services.
Fortunately, Mimecast indicates that the majority of the sites are poorly designed. Among the more prominent of the errors noticed on the pages includes language errors. That should immediately mark them out as suspicious. Web URLs can also be examined for authenticity both because scams often use suspicious-looking addresses and because browser features are designed to flag suspicious sites.
So, with vigilance from users, the impact of scam sites should be minimal. Users can also navigate directly to either the official “Netflix.com” URL or Disney+ page. Conversely, users can stick to the use of the official Netflix, Disney+, or other streaming apps to avoid landing at fake signup pages.