Many people in Germany have subscribed to at least one streaming service. The high number of users is tempting for fraudsters who keep trying to get hold of private data with fake emails and text messages.
According to Statista, Netflix had a whopping 230 million subscribers worldwide at the end of 2022, and Disney+ had 164 million. The major streaming services, which also include Amazon Prime Video and Wow in this country, but also RTL+ and Joyn, offer a wide range of targets for fraudsters. New phishing attempts are constantly appearing – sometimes in the form of e-mails, sometimes in the form of SMS. TECHBOOK provides information about the current phishing threats for users of streaming services.
Please take our Netflix survey:
Fraudulent email on behalf of Netflix
The Schleswig-Holstein consumer advice center warns of a scam targeting customers of the Netflix streaming service. You are currently receiving an email with the subject line “Update your information”. It reads that there was a technical fault that led to problems with invoicing. Customers should therefore renew their data. Conveniently, there is already a button in the e-mail that leads to the relevant page. Of course, behind this is a link to a fake site. The scammers want to use them to gain access to sensitive customer data.
The email is Netflix-style and even includes up-to-date movie recommendations. This makes it look deceptively real at first glance. At second glance, however, it is noticeable that the recommendations are written in a different language. In general, users should note that Netflix or other streaming services would never ask for data in this way. It is therefore best to delete the e-mail and under no circumstances click on the attached link.
LKA warns of fraud against Disney + customers
Disney+ subscribers are currently being targeted by phishing scammers. The State Criminal Police Office of Lower Saxony warns that these are sending abusive emails on behalf of the streaming provider, in which alleged payment problems are mentioned. In order to increase the pressure on those addressed to comply with the instructions in the messages, there is talk of blocking the user account, termination or “closure fees”, according to the LKA.
All of this is of course fictitious. Under no circumstances should you click on buttons or links in the e-mails or enter data on any page, especially not those relating to the bank account, credit card or access data to the user account. The criminals are after this information. Anyone who has nevertheless fallen into the trap and has had sensitive data stolen from them should inform the streaming provider and their bank. And also file a criminal complaint with the local police or at the online police station responsible for your own state.
Alleged billing problems with Netflix
The current attempt at fraud is carried out via SMS, as a colleague in the editorial department found out. She received a message saying a payment to Netflix could not be taken. The subscription, according to the SMS, will therefore be automatically terminated on March 22nd. A link is integrated in the SMS for the uncomplicated renewal of the Netflix subscription.
Of course you shouldn’t click on it. It leads to a fake website that the fraudsters want to use to access data. In the current case, it is already clear when looking at the SMS that it can by no means be genuine, but is a phishing attempt aimed at streaming users. This is not only suggested by the incorrect spelling of NET-FLIX, but also by the lack of any information in the SMS, the strangely named link and – which becomes clear on closer inspection – the sender number. It is a phone number with the area code +33, i.e. a number from France. These points should make recipients of this phishing SMS on behalf of the streaming provider suspicious. You should therefore delete it immediately and block the number. iPhone and Android users can read here how this works in detail.
Fake customer service emails from Disney+
Disney+ users should exercise extra caution at this time. Because scammers are currently sending emails in the name of the streaming provider’s customer service. The email notifies subscribers of an alleged payment issue that could not be resolved. The Disney+ account will thus be cancelled. Those who wish to continue accessing the content must reactivate the subscription, the email said.
As the consumer advice center warns, the email is a phishing attempt on behalf of the streaming provider. Recipients should therefore under no circumstances click on the attached link and enter data there. The fact that users are addressed directly in the email should not unsettle them either. If you take a closer look, you will even see some errors in the phishing mail from the alleged streaming provider. The word “Halo” is misspelled and the e-mail is generally very vague. It should therefore be moved directly to the spam folder.
Scammers want credit card details with fake Netflix email
But even Netflix users are not safe from the phishing mails on behalf of the streaming providers. Recently, a fake email circulated asking Netflix users to update their payment information. The email contained the subject “Netflix.DE: You have an action to complete” and came from the sender “Customer Service”. The scam is quite similar to that of Disney+.
At first glance, the email looks legitimate as it contains both the Netflix logo and typical elements such as red buttons, and is also written in the correct font and without any spelling mistakes.
According to the email, the subscription has been suspended due to the “payment for the next billing cycle [des] Failed to authorize subscriptions”. To go back to “all […] To be able to access benefits”, the user should update the payment information. However, a red button with the content “Identify” leads to a replica Netflix page. If you enter your credit card details there, they end up in the hands of scammers.
Also read: Fraud at Sparkasse, Postbank, DKB: Beware of the current scams
How to unmask fake e-mails from streaming providers
Although the current e-mails are mostly elaborately recreated in the style of the streaming providers such as Netflix, Disney+ or Wow, a closer look reveals a few inconsistencies. It is not uncommon for passages to be found that are written in very crude German. The information about the alleged reason for the blocking is often very vague and spelling mistakes creep in again and again.
Here you can test how well you can tell legitimate emails from fake ones.
What affected users should do
In its help center, the streaming provider Netflix specifically addresses phishing attacks in the form of emails and SMS. The company advises to check the link from the email or SMS carefully. You can do this by right-clicking and “copy link address” or simply move the mouse cursor over the link. If you have already opened the link and an unknown URL appears, you should under no circumstances enter your information. If you have received a suspicious email or text message, you can use the firstname.lastname@example.org to report to Netflix.
Phishing emails on behalf of the streaming provider are also an issue at Disney+. On its help page, the provider emphasizes that it will “never actively ask customers for personal information in this way”. The exception is when users contact Disney themselves and this data is needed to solve a problem. “If you receive an email or phone call from an organization claiming to be Disney asking you to provide this type of personal information or Disney+ account details, for your safety, do not respond,” the provider said.
If you have already entered login or credit card information, you should change the Netflix password immediately. If you use the same combination of email address and password on other websites, you should also change the passwords there. Inform the financial institution and, if necessary, have the credit card blocked if you have entered the data for this. TECHBOOK also recommends filing criminal charges.