As the popularity of video streaming services grows especially during the coronavirus pandemic, they also increase the attacks that use them as a decoy. And in the last year and a half the platform Netflix, as well also The Mandalorian series, were the most used to attack users, as revealed by the main computer security companies.
The new Netflix scam that attacks Argentines
ESET, a leading company in proactive threat detection, identified a campaign of phishing (identity theft) active in which it seeks to deceive through the Netflix streaming platform with the intention of steal user data from Argentina and the rest of Latin America.
This particular campaign is distributed via email whose subject is: “Notification Alert”. In the body of the email, the message informs about a alleged accumulated debt by the potential victim that will lead to the suspension of the service in case of not paying the amount.
In addition to impersonating Netflix, a brand widely used by cybercriminals for advertising campaigns. phishing probably due to the large number of users that this service has, ESET engineers showed that the hackers behind the deception resort to the immediacy of action by the user.
The mail is a clear example of the main signals that should arouse the suspicion of the user in case of receiving a message of this type. While it includes the name of the company it claims to represent, the email address is unrelated with the brand name. Everything would indicate that it is an email account that was compromised to be used for sending malicious spam.
The new fraudulent campaign on the Internet that has Netflix as bait. (Photo: ESET screenshot)
Another key element that ESET researchers highlight to confirm that you are facing a deception, is the url behind the button “UPDATE YOUR PAYMENT DETAILS.”
This information is observed when positioning the mouse pointer over said button, where the address that will be accessed if clicked is previewed, and shows that the link in the email is not an official site or registered by the brand.
Deception seeks steal financial data of the victims when requesting that the complete numbers of the means of payment used or of a new credit card be re-entered. According to ESET, another signal that should alert the user if they have reached this point is that the text on this page is in English, when the original message is in Spanish.
Digital fraud with Netflix as bait. (Photo: ESET screenshot)
In the event that the victim falls into the trap and enters the information, after confirming their data they will find a message, again in English, indicating that their account was reactivated.
Once the user clicks the “Continue” button, they will be directed to the official Netflix page (a site that has a valid SSL certificate and on the name of Netflix), but this time in Spanish.
If the victim got here without noticing the deception, he may not have realized either that, as part of the deception, he was directed to the legitimate site for the user to try to access and thus confirm that the account is not blocked.
Netflix and The Mandalorian, the favorite platforms and series for attacks
For its part, the cybersecurity company Kaspersky conducted research on the series and movies platform between January 2019 and April of this year.
During this period, 5,577 users of its security solutions were exposed to various threats while trying to access these platforms through unofficial means through files that used their names as a decoy, with 23,936 attempts in total.
According to the data, among streaming services, Netflix was the most used by cybercriminals, ahead of others such as Hulu, Disney +, Apple TV Plus and Amazon Prime Video.
The Mandalorian, the series from the streaming service Disney Plus. (Disney Plus via AP)
Among the original programs of these platforms, the one most used by cybercriminals as a decoy was The Mandalorian, the Disney + series set in the Star Wars universe. This series alone exposed 1,614 users for a total of 5,855 infection attempts.
They are followed in the ranking by other series such as Stranger Things, The Witcher, Sex Education, and Orange is the New Black, all of them present in the Netflix catalog currently.
Only these five series were the lure that managed to expose 4,502 users, with a total of 18,947 infection attempts registered in 16 months.