publishing date icon
January 13, 2023
read time icon
2 min

Disney+ and Netflix impersonation – Fake streaming service subscription notices

Phishing scams using fake streaming service notifications are becoming more common. The scams have the recipient believe their subscription has run out and needs reactivation. Red flags include sender addresses unrelated to the service and links leading to unrelated webpages. To stay safe, examine the "story" of the email, check the sender's address, and verify the link before clicking. Watch out for typos and fake domains similar to legitimate services. If in doubt, manually navigate to the service's website.

Vanguard

Threat Analyst Team

Streaming services are lucrative impersonation targets for attackers since they are widely used.

In both cases, the email claims that the recipient's service subscription has run out and needs reactivation. However, the emails come from sender addresses that aren't related to either service, which doesn't make sense.

Meanwhile, the links also lead to webpages unrelated to either service. Fake subscription service notifications are popular with attackers phishing for credit card details, which was also the case here.

Off the Hook

  • It's good to consider the "story" the email presents and whether other details in the message match it.
  • Examining the sender's address is often a great way to spot a phishing email. Check that the sender's address makes sense in the context of the email and that it doesn't contain typos or misspellings.  
  • Sometimes attackers use a technique called "typo-squatting", registering fake domains with names similar to legitimate services. For instance, in the place of "paypal.com," an attacker could register "paypa1.com" and use it to send phishing emails, hoping the victim won't notice the difference.
  • Additionally, verify that the link leads to where it claims by hovering over it with your cursor. If you have doubts, manually navigate to the service's website instead.
Subscribe to our newsletter