According to a Guardian report from April 2020, more than 700 fake websites posing as Netflix and Disney+ have cropped up. These sites aim to capitalize on the streaming boom that the coronavirus pandemic has triggered across many parts of the world. The streaming platforms have registered business growth and have also become the most preferred digital service online. This rise has been such that Netflix and YouTube decided to lower their HD video quality in order to prevent an internet meltdown in the European Union a few months ago.
However, operating at this scale, with millions of subscriptions and users, has posed security challenges for these enterprises, which, like many other sectors, are tackling cybersecurity without being perfectly equipped to confront cyberattacks. One may argue that giants like Amazon should be well equipped with security firewalls to prevent such attacks. But the contention here is that while these companies may be equipped to deal with a cyberattack within their own structure, they cannot control or manage how their subscribers respond to such attacks. Besides, most cyberattacks are caused by human error — from one wrong click to downloading an email attachment, the consequences could lead to irreversible losses for flourishing empires.
The cyberattacks that target loyal viewers of such platforms are very basic in nature. Posing as the official brand, these stream hackers have users create accounts on fake sign-up pages in an attempt to steal personal information and payment credentials. If you compare this to recent data breaches on platforms like Zoom, the pattern is quite similar. Yet many people, even the tech-savvy, tend to fall for them.
Why? The beauty of simplicity.
Although these are simple data breaches, the attackers mimic the source company perfectly. Their emails (with font, writing style and personalization) are designed to dupe people. Hackers send threatening messages in an official tone, saying they will shut your account because of incorrect information unless you share the right details.
More than the streaming giants, which invest in and develop their cybersecurity protocols with every new threat in the market, it is the subscribers who need to pay close attention to phishing and malware attacks.
A few years ago, the dark web saw a surge in bulk deals in which Netflix accounts were on sale for pennies. All one had to do was pose as a Netflix employee, ask for updated information and get the payment credentials. These financial details could then be used for a double-whammy Netflix and chill session or for buying subscriptions for any paid online service — HBO, the Apple store and even pornography sites.
In the past, this stolen information has been profitably used for purposes that include large-scale identity fraud. From the names of family members who share your account to your zip code, the alleged Netflix employee can ask a user to reveal any sort of personal information. Besides, if the compromised user is using the same password for other digital services, maybe the next thing they’ll get is an alarm call from their bank saying, “What about this month’s interest payment since your account is empty?”
This is called the domino effect.
I am not in the business of capitalizing on fear, but given the current circumstances that humanity lives in, many are exploiting human vulnerabilities to profit. Surely, stream hackers are just part of this process.
What Can You Do To Stay Safe?
If you’re looking for ways to increase your own security practices — or those of your employees — start with these tips:
• Check for spelling errors on websites and emails. If the logo of the brand looks a bit different, do a little bit of research.
• The basic guidelines for online security always suggest using a different password for different applications. Follow the rule to save some trouble.
• Don’t log in from an unsecured device just because the power ran out on your phone.
• Cross-check with friends if you receive an email asking you to do something unusual that you normally wouldn’t do.
• Don’t click on links that offer premium memberships at discounts. Use Google to verify if the discount is universally available.
• Avoid unfamiliar email IDs or unknown senders who send promotional links.
While these are basic measures an individual can adopt to stay safe from phishing attacks, streaming companies should also invest in a state-of-the-art cyber architecture to block deceptive sites and provide login reuse details in real time.
The next time you log into a streaming account like Netflix, keep in mind just how important it is to keep accounts even as simple as these safe.
Founder and CEO of Spider Digital Innovation and a tech entrepreneur with global footprints in Cybertech, Fintech, and Social Innovation.
The original text on Forbes journal