Streaming platforms such as Netflix, Disney Plus and Prime Video currently have more than 1.85 billion active subscriptions in the world, according to data from Digital TV Research.This constantly growing universe of users represents an attractive target for cybercriminals, who have perfected spoofing campaigns to obtain personal and financial data.
Cybersecurity specialists warned about the increase in digital frauds that use social engineering techniques and false messages sent by email, SMS or notifications.Attackers precisely imitate the image and language of the original platforms to induce users to hand over sensitive information.
Arturo Torres, director of threat intelligence for Fortinet’s FortiGuard Labs in Latin America and the Caribbean, explained that “the deception usually begins with messages that appeal to urgency, such as alleged billing errors, the immediate suspension of an account or promotions that are too good to be true.”
According to the specialist, the tactic seeks to make the recipient act impulsively and not verify the authenticity of the communication.
Fraudulent messages often include links that lead to websites designed as replicas of the official Netflix, Disney Plus or PrimeVideo pages.Once there, users find forms that request credentials, personal data or banking information.
When a person enters this data, criminals gain access to their accounts and can use them to carry out more complex fraud, identity theft or launch targeted attacks on other digital services.
The sophistication of these campaigns has grown with the use of artificial intelligence, which makes it possible to personalize messages, analyze consumption patterns and take advantage of premieres of popular series to make the deception more credible.The risk also extends to the work environment, since a compromised account on a corporate device can facilitate access to an organization’s data and systems.
Among the most frequent consequences identified by specialists are account theft, the use of credentials in other services, unauthorized access to financial information and exposure to larger scale attacks.
Torres warned that “once the user hands over their data, criminals can use it to commit more complex fraud, steal identities or launch new targeted attacks.”
Experts agree that a culture of digital prevention is key to reducing exposure to these frauds.They recommend distrusting any message that conveys urgency or threats, closing suspicious emails or SMS and always accessing it from the official application or by manually typing the web address in the browser.
Legitimate platforms never ask for passwords or bank details through links.Enabling two-factor authentication adds an additional layer of security.Specialists suggest maintaining strong and different passwords for each service, periodically verifying bank transactions and using updated security solutions, such as antivirus and password managers.
In addition, they advise carrying out transactions only from your own devices connected to trusted networks, checking the sender’s domain and not getting carried away by excessively attractive offers.Reporting phishing attempts to the corresponding platforms helps stop the spread of these frauds and protect other users.
