Targeted cyber attacks on streamers on the rise, Kaspersky reports
December 2020 by Kaspersky
Home entertainment is changing as the adoption of streaming TV services increases. The global market for streaming services is estimated to reach $688.7 billion by 2024 and, with this month marking a year since thousands of Disney+ accounts were hacked, streaming platforms continue to offer a new, potentially lucrative attack vector for cybercriminals. But as Disney reveals its subscription base has now reached 73m, more consumers than ever before are at risk of attack from opportunist criminals looking to sell account details for millions of pounds.
Even established services, such as Netflix and Hulu, are prime targets for distributing malware, stealing passwords and launching spam and phishing attacks. The spike in the number of subscribers in the wake of the COVID-19 pandemic has provided cybercriminals with an even bigger pool of potential victims. In the first quarter of this year, Netflix added fifteen million subscribers—more than double what had been anticipated.
Unsurprisingly, phishing is one of the most popular approaches taken by cybercriminals, as they seek to trick people into disclosing login credentials or payment information. Our research indicated that between January 2019 and April 2020, 23,936 attempts were made to steal account credentials from streamers using some of the biggest services.
Criminals also capitalise on the growing interest in streaming services to distribute malware and adware. Typically, backdoors and other Trojans are downloaded when people attempt to gain access through unofficial means – by purchasing discounted accounts, obtaining a ‘hack’ to keep their free trial going, or attempting to access a free subscription.
Read Kaspersky’s full Q3 threat evolution report here.
In order to stay safe from phishing scams related to streaming platforms, Kaspersky experts recommend that streamers:
Look carefully at the sender's address on streaming deals: if the email comes from a free email service or the address contains meaningless characters, it is most likely fake.
Pay attention to the text: well-known companies would not send emails with poor formatting or bad grammar.
Do not open attachments or click links in emails from streaming services—particularly if the sender insists upon it. It is better to go to the official website directly and log in to your account from there.
Be wary of any deals that seem too good to be true, such as a ‘one-year free subscription’.
Do not visit websites until you are sure they are legitimate and their addresses start with ‘https’.
Once on the website, check that it is authentic. Double-check the format of the URL or the spelling of the company name, and read reviews and check the domain’s registration data before starting any downloads.
Use a reliable security solution that identifies malicious attachments and blocks phishing sites.