1. Netflix and Steal
A Netflix phishing scam is going after users’ payment information and Netflix credentials, according to Naked Security. The phishing emails inform recipients that they’ve missed a payment and that they’ll need to log in and fix their billing information to resolve the issue.
The emails themselves contain some glaring typos and grammatical issues, including repeated misspellings of “invoice” and the phrase “you local bank being held a transaction.” The phishing site itself is more convincing, however.
The scammers took the time to obtain a valid HTTPS certificate, and they’ve hosted the site on a subdomain with a very long URL consisting of random characters. As a result, the primary domain is pushed out of sight in the browser bar, so the user doesn’t realize they are not on netflix.com. The login page looks perfectly legitimate, as does the page to enter payment card details.
The scammers made another mistake, however, by including an intermediate page that asks users how they want to pay their bill in order to “resrtart” their membership. This page offers a number of options, including one to purchase gift cards. The option to buy gift cards is inexplicably written in French, unlike the rest of the page.
While these warning signs seem easy to spot when you know it’s a scam, they might not be so apparent if you aren’t looking for them or if you are in a hurry.
A similar scam involving PayPal is circulating, with the message that an unknown device has accessed your account. This one also has one or two grammatical red flags, but overall looks convincing enough to have gained a wealth of personal information from victims.
So what can you do?
- Force yourself to stop and think before clicking on ANY emails warning about account issues or breaches. Our fear of being compromised is what the bad actors count on, but most legitimate businesses will not try to scare you.
- Always confirm issues independently of the links in these types of emails. Open a separate browser window and log into your account; if there is an official problem, you will be able to see and fix it that way.
- Verify account problems by calling. Don’t use any contact numbers included in a message like those above, but reach out and speak with someone if you have questions.
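The long-subdomain trick described above can be checked mechanically by ignoring everything in the hostname except the registered domain. The sketch below is an added example, not part of the original article; the short suffix set, the `visible_chars` threshold and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Simplified stand-in for the Public Suffix List (assumption: real code
# should load the full list published at publicsuffix.org).
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "com.br", "co.jp"}


def registrable_domain(host):
    """Return the part of a hostname that was actually registered."""
    labels = host.rstrip(".").lower().split(".")
    if len(labels) < 2:
        return ".".join(labels)
    # Keep three labels when the last two form a known multi-label suffix.
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def check_link(url, expected_domain, visible_chars=40):
    """Compare a link with the domain the reader expects to be on.

    visible_chars is a hypothetical estimate of how much of the hostname
    a narrow address bar shows; it is not a browser constant.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    actual = registrable_domain(host)
    brand = expected_domain.split(".")[0]
    findings = []
    if actual != expected_domain.lower():
        findings.append(f"registered domain is {actual!r}, not {expected_domain!r}")
        if brand in host:
            findings.append("brand name appears in a host it does not own")
        if len(host) > visible_chars:
            findings.append("hostname is long enough to hide the registered domain")
        if parts.scheme == "https":
            findings.append("HTTPS only encrypts the connection; it does not vouch for the site")
    return {"host": host, "registered": actual, "ok": not findings, "findings": findings}


# Constructed sample links (example.net is a reserved documentation domain).
SAMPLES = [
    "https://www.netflix.com/login",
    "https://x7k2q9vb4m1zt8w3r6yp0d5hn2c.netflix.billing.example.net/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        result = check_link(link, "netflix.com")
        print(result["registered"], "OK" if result["ok"] else result["findings"])
```

The same comparison works for any service: pass the domain you normally type for that service as `expected_domain`.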
2. Selfie Scams
Researchers at Kaspersky Lab have observed a spike in fraud surrounding the use of selfies to gain access to sensitive data, Planet Biometrics reports.
Some legitimate online services ask users to upload a photo of themselves holding their ID in order to verify their identity.
If a scammer gets their hands on one of these photos, they can impersonate you online. These photos are valuable on the black market for this reason.
Scammers are collecting these types of selfies via phishing emails that purport to come from payment services and banks. The emails try to convince recipients to go to legitimate-looking phishing sites and upload a selfie with their ID visible.
It’s best to avoid uploading selfies with your ID at all, if possible, because anything you upload to the internet can potentially be stolen at some point. If you do need to do so, make absolutely certain you’re on the correct site and verify that the service is legitimate.
Stay safe with these tips:
- Before confirming your identity in this way, ask the company if there is any other way to verify.
- If you have to do it, look through the site for signs that it is legitimate before uploading. Check that it is secure, showing a locked padlock in the address bar, but remember that a padlock alone is not proof: as the Netflix scam above shows, phishing sites can have valid HTTPS certificates too. See if there are terms and conditions explaining how they will use your image and how long it will be stored. If you see all this and still have a bad feeling, trust your gut.
3. Movie Mania
TechRepublic reports that Kaspersky researchers have identified sixty-five malicious files masquerading as online copies of Star Wars: The Rise of Skywalker.
The files are spread via phishing sites and social media accounts that pose as official movie pages. In addition to distributing malware, the sites also ask users to enter their credit card data before they can watch the film.
Tatiana Sidorina, a security researcher at Kaspersky, said in a statement that attackers frequently take advantage of popular movies and shows to spread malware.
“It is typical for fraudsters and cybercriminals to try to capitalize on popular topics, and Star Wars is a good example of such a theme this month,” Sidorina said. “As attackers manage to push malicious websites and content up in the search results, fans need to remain cautious at all times. We advise users to not fall for such scams and instead enjoy the end of the saga on the big screen.”
So how can you protect yourself?
- The easiest protection is to avoid pirated material altogether. But the reality is that your network may be shared by others who may not be so careful. So keep in mind (and teach your children) that a company trying to make money from movie ticket sales is highly unlikely to also release a free online version, no matter how authentic their site looks.
- Never enter information, especially payment information, on a site claiming to offer free movies. If it’s free, what could they possibly need payment for?
- Use the Force: that’s your reason, common sense, and your instincts. If something seems ‘off,’ it most likely is.