Scam of the Week: Disney+ Subscribers Targeted by Phishing Scam

November 22, 2019 10:05 am Natasha Deeney Disney Subscribers Targeted by Phishing Scam

Disney Phishing Scam

Following the launch of the highly anticipated Disney+, subscribers are being warned of a vicious email scam that attempts to harvest their personal information.  

More than 10 million people have already subscribed to Disney+ since it launched last week, with The Walt Disney Company claiming to have experienced “extraordinary consumer demand”.  

The recent scam calls on customers of the newly launched streaming service to change their password over “security concerns”, and requests that they input their private account information to update their details. 

The phishing email explains that there may be a problem with the recipient’s credit card information and their account will be locked until the issue has been resolved. 

Disney+ phishing email

With the aim of creating a sense of urgency, the recipient is prompted to click the ‘update account now’ button to activate their account. However, this link then directs unsuspecting victims to a phishing webpage which is cleverly disguised by Disney+ branding. 

As is the case with many similar phishing scams, the dupe website is set up to harvest personal and financial details which can then be sold illegally online. It’s simple for these websites to trick unknowing victims as they will often mirror the styling and branding of a legitimate website. Research reports nearly 1.5 million phishing sites are created each month and are usually highly targeted, sophisticated, hard to detect, and difficult for users to avoid.

The scam comes after the news that thousands of login details for Disney+ accounts have appeared on the dark web, prompting fears that customers have been hacked. Users on social media are saying they are finding unauthorised names and extra profiles added to their accounts when logging in, and others have reported that their contact email and password changed, blocking them from using their own account. 

Disney phishing
Tweets on phishing scam

However, Disney claims that its security systems have not been compromised, saying in a statement that it “takes the privacy and security of our users’ data very seriously and there is no indication of a security breach on Disney+”. 

These types of scams highlight the importance of using unique passwords for all online accounts, as well as implementing extra security measures like two-factor authentication when possible. 

To protect yourself from falling victim to a phishing scam, you should follow the below guidelines: 

  • Never click on links or download attachments from unknown sources. 
  • Always verify the security of a website. 
  • Pay close attention to the spelling of an email or web address, if there are any inconsistencies, delete immediately. 
  • Ignore and delete emails with poor grammar and formatting. 
  • Install the latest anti-virus software solutions on all your devices. 
  • Use strong passwords to reduce the chance of devices being hacked and use different passwords for different accounts. 
  • Question the validity of any email that asks you to submit personal or financial information. 

Find Out More  

For further information on how you can protect your business from phishing attacks, download our free Ultimate Guide to Phishing.

Our award winning MetaPhish platform provides a powerful defence against phishing and ransomware attacks by training employees how to identify and respond appropriately to these threats. It has helped protect organisations across the world from this ongoing threat and provides the first line of defence against phishing attacks. Contact us for further information and learn how we can help protect your business.