Screengrab of an illegal streaming website. (Source – Shutterstock)

Stranger Scams on Netflix have victims running up the hill

As always, cybercriminals continue to find new ways and methods to prey on victims. During the height of the COVID-19 pandemic, online scams and phishing methods targeted victims looking for vaccines and such. Many victims ended up losing their funds to cybercriminals over these scams.

Apart from the pandemic, cybercriminals next targeted victims through phishing and spam emails in traveling. With international travel resuming around the world, victims had fallen prey to numerous online travel scams and fraud. Once again, cybercriminals were able to profit from this and avoid being captured by the authorities.

Now, cybercriminals are targeting a different set of victims. According to a report by Kaspersky researchers, that has been a surge in spam emails and phishing scams pages focused on stealing funds and personal information of fans of popular streaming shows like Stranger Things on Netflix.

In Singapore, the police reported the total losses from the scams have added up to at least SG$12,500. The Straits Times reported that Netflix scams victims would first receive e-mails, allegedly from the streaming service provider containing a link to renew subscriptions.

netflix scams

(Source – Singapore Police Force)

The police statement also stated that the scammers would trick recipients into clicking on a URL link to renew their subscriptions. Upon clicking on the URL links, victims would be redirected to phishing websites where they would be asked to provide their credit or debit card details and One-Time Passwords (OTPs). Victims would only realize that they have been scammed when they discover unauthorized transactions made using their credit or debit card.

With Stranger Things being one of the most anticipated Netflix shows in recent times, the desire of ardent fans to see new episodes as soon as possible has been actively abused by fraudsters. Last year, fans of another Netflix show, Squid Game, were also targeted by phishing scams over emails.

According to Kaspersky, one of the main reasons for this is victims choosing to watch the program on unofficial sites. These sites, often available through VPNs and such, are used mostly by users who refuse to pay for a subscription to a streaming service and choose to watch a movie or show on an illegitimate page.

However, what they fail to realize is that they often end up paying a heavier price than they are saving – losing their personal information and card data.

Kaspersky researchers stated that some cybercriminals have even offered users the ability “to watch the new episodes for only $1.” To access this offer they were asked to register a new account and enter their address and bank details. After entering their information, fraudsters then drained victims’ wallets, without the victims gaining access to the new season of their favorite series.

The researchers have also detected spam emails that also abuse the popularity of Stranger Things. Such emails are used to sell products of dubious quality and are spread through promotional emails without the consent of the recipient.

For example, one spam email enabled users to buy limited-edition graphic t-shirts related to the new season of Stranger Things. The site supported all languages and all currencies for payment. It may not necessarily be a phishing page, but the fact that the ads for these products were promoted through spam and the domain itself was only recently created raises suspicions about the safety of buying from this page.

“The season four finale was a roller coaster for many viewers, including myself, as a personal fan of the show. However, the painful and challenging ending has only stoked fans’ appetite for more, with excitement already brewing for Stranger Things season five. And as we know, where there is audience demand, scammers will always try to cash in. We can therefore expect that cybercriminals will soon start to actively exploit the popularity of this last season,” commented Olga Svistunova, a security expert at Kaspersky.

Svistunova also highlighted that the danger for users remains as urgent as ever. As such, Svistunova advised Fans to be careful as trying to save money on a streaming service subscription can lead to them losing much more than they could ever save.

With that said, Kaspersky recommends users avoid links that promise free viewings and such. The same can also be applied to the workplace whereby links offering free courses or software need to be checked first before being accessed.

Apart from checking the authenticity of a website, users should also double-check URL formats and company name spellings. They also need to pay attention to the extensions of the files are downloading. For example, a video file will never have a .exe or .msi extension.

Lastly, as some users are using the same device for work and personal use, they need to ensure they have a reliable security solution that can identify malicious attachments and block phishing sites.