Scam of the Week: Disney+ Subscribers Targeted by Phishing Scam

Following the launch of the highly anticipated Disney+, subscribers are being warned of a vicious email scam that attempts to harvest their personal information.  

More than 10 million people have already subscribed to Disney+ since it launched last week, with The Walt Disney Company claiming to have experienced “extraordinary consumer demand”.  

The recent scam calls on customers of the newly launched streaming service to change their password over “security concerns”, and requests that they input their private account information to update their details. 

The phishing email explains that there may be a problem with the recipient’s credit card information and their account will be locked until the issue has been resolved. 

To create a sense of urgency, the email prompts the recipient to click the ‘update account now’ button to activate their account. However, this link directs unsuspecting victims to a phishing webpage disguised with Disney+ branding.

As with many similar phishing scams, the fake website is set up to harvest personal and financial details, which can then be sold illegally online. These websites easily trick unsuspecting victims because they often mirror the styling and branding of a legitimate website. Research reports that nearly 1.5 million phishing sites are created each month, and that they are usually highly targeted, sophisticated, hard to detect, and difficult for users to avoid.

The scam comes after news that thousands of login details for Disney+ accounts have appeared on the dark web, prompting fears that customers have been hacked. Users on social media say they are finding unauthorised names and extra profiles added to their accounts when logging in, and others have reported that their contact email and password were changed, locking them out of their own account.

However, Disney claims that its security systems have not been compromised, saying in a statement that it “takes the privacy and security of our users’ data very seriously and there is no indication of a security breach on Disney+”. 

These types of scams highlight the importance of using unique passwords for all online accounts, as well as implementing extra security measures like two-factor authentication when possible. 

To protect yourself from falling victim to a phishing scam, follow the guidelines below:

  • Never click on links or download attachments from unknown sources. 
  • Always verify the security of a website. 
  • Pay close attention to the spelling of an email or web address; if there are any inconsistencies, delete the email immediately.
  • Ignore and delete emails with poor grammar and formatting. 
  • Install the latest anti-virus software solutions on all your devices. 
  • Use strong passwords to reduce the chance of devices being hacked and use different passwords for different accounts. 
  • Question the validity of any email that asks you to submit personal or financial information. 
