Researchers have identified more than 700 malicious Netflix and Disney+ clones used by scammers to retrieve victims' personal data. Fraud websites steal funds directly through fake signups or collect credit card details and login credentials to use at a later date. Some of the clones are said to look extremely convincing, though most are characterized by amateurish design and syntax errors.
Netflix scams
Between April 6 and 13 alone, cybersecurity firm Mimecast identified around 700 websites that imitate Netflix, the world's most popular streaming service. The firm also discovered four clones of the smaller streaming platform Disney+ during the same period. Appetite for content has skyrocketed in recent weeks as people try to stay entertained under the coronavirus lockdown. As a result, Netflix's market value rose to €192 billion, during a period when the vast majority of companies saw their share prices fall. Although the precise increase in the number of Netflix subscribers is unknown, the company is expected to announce its quarterly results on April 21, which should shed light on the scale of its recent success. According to Carl Wearn, head of cybercrime at Mimecast, the increase in streaming on all sorts of platforms is likely to pique the interest of hackers. "We've seen a dramatic increase in suspicious domains masquerading as a variety of malicious transmission giants," he said. "These fraudulent websites often lure unsuspecting members of the public with an offer of free subscriptions to steal valuable data. The data collected includes names, addresses, and other personal information." Data theft of this type can open the door to a A practice known as credential stuffing, whereby cybercriminals use stolen credentials to gain unauthorized access to a multitude of online services. For this reason, users are advised to use unique passwords and protect accounts with multi-factor authentication where possible, especially if they suspect they have fallen victim to a fraudulent website. Users should also check websites for misspellings and malforming, and ensure that URLs do not contain any irregularities. Via The Guardian