A greater number of Netflix phishing scams are circulating the internet than ever before, thanks to a dramatic increase during lockdown.
According to data collected by security firm Webroot, the volume of Netflix phishing attacks recorded in July was 60% larger than the previous year.
Analysis of the entire lockdown period (March-July 2020), meanwhile, uncovered a 646% increase in the number of phishing URLs targeting Netflix users, compared with the same period in 2019.
Rival entertainment services have also been leveraged to defraud victims since lockdown was introduced. YouTube phishing has seen a 3,064% increase since February, while the number of HBO- and Twitch-related attacks has also skyrocketed.
While Netflix phishing has been around ever since the video streaming platform rose to prominence, phishing scams have evolved significantly in recent years. Criminals are paying closer attention to grammar and syntax, which might traditionally betray a phishing email, while mimic landing pages have become increasingly convincing.
“The phishing emails we see nowadays are hyper focused on improved spelling, improved grammar, and they are becoming more psychologically focused,” explained Kelvin Murray, Senior Threat Researcher at Webroot.
“For example, recent tactics deployed related to Netflix may claim that the user’s account has been hacked and that they need to update their account information or payment details.”
The problem is also aggravated by the number of unmanaged devices used to conduct business tasks while many employees remain at home – and also the number of corporate devices used for personal activities.
“If the user is using a work device or connected to a work network, this adds an additional layer of danger and can lead to even more serious consequences such as a ransomware infection on the company network,” said Murray.
To protect against phishing attacks, users are advised to scrutinize emails for abnormalities that might identify a scam and cross-check landing page URLs with known addresses (e.g. www.netflix.com) before entering account or payment information.
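The URL cross-check advised above can be done mechanically by parsing the link the way a browser does and comparing the real hostname with a known address. The following JavaScript is an added example, not code from Webroot or Netflix; the `checkLandingUrl` helper, the `netflix.com` allowlist and every sample URL are assumptions constructed for illustration.

```javascript
// Added example. Allowlist and sample URLs are constructed, not observed data.
const KNOWN_HOSTS = ["netflix.com"]; // assumption: the domain the user trusts

function checkLandingUrl(input, knownHosts = KNOWN_HOSTS) {
  let url;
  try {
    url = new URL(input); // WHATWG parser: same host rules a browser applies
  } catch {
    return { trusted: false, reason: "unparseable" };
  }
  if (url.protocol !== "https:") {
    return { trusted: false, reason: "not-https" };
  }
  // Anything before "@" is credentials, not the site being visited.
  if (url.username || url.password) {
    return { trusted: false, reason: "userinfo-in-url" };
  }
  const host = url.hostname.replace(/\.$/, ""); // parser lowercases; drop root dot
  // An "xn--" label means the visible name contains non-ASCII look-alike letters.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { trusted: false, reason: "punycode-host" };
  }
  // Match the known domain itself or a true subdomain of it, never a prefix.
  const known = knownHosts.some((k) => host === k || host.endsWith("." + k));
  return known
    ? { trusted: true, reason: "known-host" }
    : { trusted: false, reason: "unknown-host" };
}

// Constructed samples showing the common look-alike patterns.
const samples = [
  "https://www.netflix.com/login",
  "https://WWW.NETFLIX.COM/YourAccount",
  "http://www.netflix.com/login",
  "https://www.netflix.com@login.example.test/",
  "https://www.netflix.com.example.test/login",
  "https://netflix-billing.example/update",
  "https://www.n\u0435tflix.com/", // Cyrillic "е" in place of Latin "e"
];
for (const s of samples) {
  const r = checkLandingUrl(s);
  console.log(`${r.trusted ? "OK  " : "FAIL"} ${r.reason.padEnd(16)} ${s}`);
}
```

Only the first two samples pass; the rest carry a trusted-looking name in a position that is not the hostname the browser actually connects to.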
Businesses, for their part, should ensure employees undertake appropriate security awareness training and back this up with strict email filters and leading antivirus services.