Mimecast Brand Exploit Protect has found more than 700 suspicious domains impersonating Netflix alone – aside from numerous fake websites impersonating other popular streaming services.
With South Africans confined to their homes because of the closure of schools, restaurants and parks, streaming services have become a go-to source of entertainment. Although Netflix does not disclose actual subscription numbers for different countries, there are estimated to be more than 330 000 South African subscribers.
According to Brian Pinnock, cybersecurity expert at Mimecast, the surge in usage of streaming services has opened the door for cybercriminals to target unsuspecting consumers and trick them into potentially dangerous actions.
“Since the start of the lockdown period, we have detected a dramatic rise in suspicious domains impersonating a range of streaming services,” he says. “Criminals pretending to be legitimate brands have developed fake websites offering free access to services such as Netflix. Users are asked to share information such as names, addresses, passwords and even credit card details which criminals can then use for monetary gain.
“Because people typically reuse passwords across multiple sites, criminals can test the username and password combinations across sites looking to access information for monetary purposes. Our advice to consumers is to take great care with sites purporting to offer free access to services that normally carry a fee. As a general rule, if it looks too good to be true, it probably is.”
There is good news, says Mimecast: The magnitude of the threat is spurring a new level of cooperation within the security community, including coordination between Mimecast and its competitors, to make the world a more resilient place.
“This is a global problem and we are addressing it globally—coordinating with what others in the industry see and also with governments,” says Michael Madon, Mimecast senior VP and GM for security awareness and threat intelligence. “That’s something that I think is a positive outcome from this: Seeing the security community rally together to protect ourselves and the broader global community from those who would exploit our vulnerabilities and weaknesses.”
Look out for these fakes
Many spoofed websites attempt to deceive users by focusing on current concerns, including coronavirus testing, COVID-19 cures, and tracking the spread of infections. “Over the last few weeks, we’ve seen a massive increase in the number of coronavirus-themed spoofed websites,” says Kiri Addison, Mimecast head of data science for threat intelligence and overwatch. Mimecast has recently detected more than 60,000 spoofed coronavirus-related websites, including:
- 302 websites selling home test kits—something many people are searching for in light of the uncertainty;
- 44 websites suggesting a COVID-19 cure;
- Countless attempts to impersonate the Centers for Disease Control and Prevention (CDC) and World Health Organization (WHO)—two of the main official sources that people turn to for coronavirus information; and
- Fake donation web pages that exploit people’s generosity by pretending to request money for COVID-19 victims.