Warning Over Coronavirus Netflix Scam

March 27, 2020 10:29 am Geraldine Strawbridge

As millions of people around the world go into lockdown, fraudsters have launched a devious new Netflix scam that claims to give away free subscription passes for the platform.

The scam has been perfectly timed to exploit the current surge in people turning to streaming services during the isolation period. The fraudulent messages have been circulating widely across Twitter and WhatsApp and urge users to act quickly if they want to secure their free pass.

The message states: “Due to the Coronavirus pandemic worldwide, Netflix is giving some free pass for their platform during the period of isolation. Run on the site cause it will end quick.” To access the pass, the user is encouraged to click on the link within the message.

Netflix Scam Message (Source: Business Insider)

Clearly, the broken English and poor grammar should act as a red flag, but the inclusion of the word ‘Netflix’ within the URL may be enough to trick many unsuspecting users into thinking the offer is legitimate.

If the user clicks on the link, they are directed through to a spoofed website that features a fake Facebook-style comment section with lots of positive testimonials from other subscribers across the world. Again, this may offer some false reassurance to any users that have doubts about the site’s credibility.

To obtain their free pass, the user is then asked to complete a brief survey about the coronavirus pandemic.

Netflix Phishing Site (Source: Hot For Security)

Once the survey is completed, the user is informed that they have won, but in order to activate their subscription, they need to share the message with 10 of their friends via WhatsApp.

Fake Activation Page (Source: Hot For Security)

As is the case with all these types of scams, there is no free pass, and the activation process is just a ruse to get the user to spread the scam to their friends. This ensures the scam reaches as wide an audience as possible, enabling fraudsters to trick more people into submitting their personal details or installing malware.

The National Fraud Intelligence Bureau (NFIB) has reported a 400% increase in scams as a result of coronavirus-related fraud. To date, 105 reports have been sent to Action Fraud, with total losses reaching nearly £970,000 in the UK. This figure is only expected to rise as fraudsters exploit people’s fears surrounding the virus.

How to Avoid Coronavirus Phishing Scams

  • Apply caution to any unsolicited calls or texts that you weren’t expecting, particularly if they appear to come from health bodies such as the NHS, the WHO, and the CDC.
  • Never click on links or download attachments from unknown sources.
  • Ignore emails or texts that are threatening or urgent in tone. This is a common tactic used to harass you into taking immediate action. Take a step back, count to 10 and properly assess the validity of the request.
  • Legitimate emails from official service providers that you have accounts with will always address you by your full name. Phishing emails, on the other hand, tend to have generic greetings such as ‘Dear Sir’ or ‘Dear Valued Customer’.
  • If you receive an email from an official body or health organisation that’s littered with spelling mistakes, alarm bells should be ringing. You should always ignore and delete any emails with poor grammar and formatting.
  • Pay close attention to the spelling of an email or web address. If there are any inconsistencies, delete it immediately.
  • According to security researchers at Check Point, more than 6,000 Covid-19 and coronavirus-related web domains have been registered in the past week. Unfortunately, many of these are malicious. To verify the security of a website: check that the site has been secured using HTTPS, check for a website privacy policy, use a website safety check tool such as Google Safe Browsing, and do a WHOIS lookup to see who owns the website.
  • A lot of the coronavirus themed phishing emails that are currently in circulation contain banking trojans and other forms of malware. To protect against these threats, you should install the latest anti-virus software solutions on all your devices.
  • Always use strong passwords to reduce the chance of devices being hacked. If you find it hard to remember all these passwords, consider the use of a password manager to maintain the security of multiple accounts.
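
The two URL checks above (a brand name inside a link proves nothing, and the spelling of a web address matters) can be automated when triaging reported messages. The following is an added example, not part of the original article: it extracts links from a message and flags any that mention the brand without sitting on a domain the brand operates. The `OFFICIAL_DOMAINS` allowlist, the function names and the `.example` hostnames are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains the brand really operates; extend the allowlist as needed.
OFFICIAL_DOMAINS = {"netflix": {"netflix.com"}}
# Matches links with or without a scheme, since chat messages often omit it.
URL_RE = re.compile(r"(?:https?://)?[\w.@:-]+\.[a-z]{2,}(?:/[^\s]*)?", re.I)

def hostname_of(url):
    """Return the lowercase hostname, tolerating a missing scheme."""
    if "://" not in url:
        url = "http://" + url
    # urlsplit drops any 'user@' prefix, so 'netflix.com@host' resolves to host.
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def belongs_to(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)

def classify(url, brand="netflix"):
    """Return 'official', 'lookalike' or 'unrelated' for one link."""
    host = hostname_of(url)
    if any(belongs_to(host, d) for d in OFFICIAL_DOMAINS[brand]):
        return "official"
    # The brand word anywhere else (host label, path, query) is the red flag.
    return "lookalike" if brand in url.lower() else "unrelated"

def scan_message(text, brand="netflix"):
    """Classify every link found in a message body."""
    return [(u, classify(u, brand)) for u in URL_RE.findall(text)]

# Constructed sample: the wording quoted in the article plus a made-up link.
SAMPLE = ("Netflix is giving some free pass for their platform during the "
          "period of isolation. Run on the site cause it will end quick. "
          "https://netflix-free-pass.example/?covid")

if __name__ == "__main__":
    for url, verdict in scan_message(SAMPLE):
        print(f"{verdict:10} {url}")
```

A match on the official domain only shows where the link points; it does not validate the content of the message itself.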

Please email sales@metacompliance.com if you would like the video file for your internal cyber security education program or visit the contact us page on our website.
