Netflix users targeted by cybercriminals since COVID outbreak

Explosion in cybercrime targeting Netflix users detected since the coronavirus outbreak with hundreds of phishing schemes and fraudulent websites set up to trick viewers

  • Security firm detected 639 fake domains containing the word ‘Netflix’ in 2020
  • Nearly 40 per cent of these were registered in March as virus lockdown started 
  •  The fake sites steal from their victims who are asked to enter billing information
  • Learn more about how to help people impacted by COVID

Scammers are increasingly using the guise of streaming giant Netflix to steal money from people during the coronavirus pandemic, a security company says. 

US cyber safety company BrandShield has detected a total of 639 new domain names registered containing the word ‘Netflix’ in them since the beginning of 2020.

More than a third of these dodgy webpages were set up in March, when millions of people turned to streaming to alleviate the boredom of social isolation. 

The fake sites, including and, attempt to dupe victims into entering their personal information, including payment details. 

BrandShield says criminals are also trying to compromise account details of both existing and potential Netflix users through phishing emails and social media.   

With COVID-19 forcing millions of people to turn to the screens for entertainment, cybercriminals are capitalising, targeting viewers of streaming sites such as Netflix


The following are just some of the 639 Netflix imitation web domains, considered dangerous by BrandShield: 





· – with malware

· – with malware




· – with malware

· – with malware



Brandshield’s chief executive said governments must now do more to educate the public about how they can protect themselves and their personal identity online.

‘As the world goes into lockdown, cybercriminals are capitalising on people spending more and more time online. Consumers of streaming websites are increasingly at risk of successful phishing attacks,’ said BrandShield CEO Yoav Keren.

‘We have seen an explosion in domain names featuring “Netflix” as criminals are looking to catch consumers out and extract financial or personal records.’ 

Fake Netflix sites are created by criminals who are looking to steal money from viewers hoping to access Netflix content by entering their billing information. 

The company has provided a list of some of the potentially dangerous webpages – some of which use the Netflix branding.    

For example, web pages such as and are posing as the Netflix pages for particular countries asking for people’s payment details. 

The fake Vitemanese Netflix site claims to offer a 4K Netflix account for a ‘shocking price’ that gives users ‘peace of mind’. 

‘We are proud to be the only reputable unit over 2 years in the field of providing cheap Netflix accounts in Vietnam,’ the criminals add. 

The fraudulent Spanish-language site boasts ‘Netflix accounts guaranteed’. The text translates as ‘Enjoy all month with your Netflix account, movies and unlimited series!’

Meanwhile, aimed at Venezuelan users, says its payments are taken through the South American e-commerce company Mercado Pago. 

Others, like, boast a ‘free Netflix account service’ that will be opened ‘soon’ – below which is a telltale WordPress anomaly. 

BrandShield said 41 percent of the 639 new websites created in 2020 also have a mail server indicating that phishing emails may also be being sent.

Of the 639 new domain names detected by the company, 236 domains – nearly 40 per cent – were registered in March as lockdowns consigned people to their homes.

Screenshot from the domain, claiming to be 100 per cent genuine and give Netflix users peace of mind

Some of these new domains are still online and are marked as dangerous by web browsers, with warnings that the site may trick visitors into installing software or revealing personal information.  

And Facebook is hosting links to these dangerous sites, despite the social network reiterating its claim to remove posts that take advantage of the COVID-19 situation.

BrandShield said it has found instances of phishing and fraud enabled by Facebook user groups that link to fake Netflix domains, including one Bangladesh-based group that claims to sell user accounts. 

While some of these Facebook pages do not link to a webpage, they do include contact details. 

The creators of these pages hope people will get in touch, share key personal information and payment information, and be left waiting for either the Netflix streaming service, or subsidised Netflix account as the fake sellers take their funds. 

BrandShield’s findings are thanks to its anti counterfeit software, which scans the internet for fake online marketplace listings, including Amazon and eBay.  

‘BrandShield protects some of the biggest corporations in the world and we takedown thousands of threats across websites and social media every month,’ said Keren. 

‘We are getting companies approaching us all the time asking for our help.

‘This problem is only going to get bigger as people spend more time transacting and interacting online.’  

Almost £2 million has been lost to coronavirus-related fraud across England, Wales and Northern Ireland alone, according to the UK’s cyber crime reporting centre. 

Action Fraud said it seen a number of different scams relating to COVID-19, including people and businesses falling victim to online shopping frauds.


Phishing involves cyber-criminals attempting to steal personal information such as online passwords, bank details or money from an unsuspecting victim. 

Very often, the criminal will use an email, phone call or even a fake website pretending to be from a reputable company. 

The criminals can use personal details to complete profiles on a victim which can be sold on the dark web. 

Cyber criminals will use emails in an effort to elicit personal information from victims in order to commit fraud or infect the user’s computer for nefarious purposes 

Some phishing attempts involve criminals sending out infected files in emails in order to take control of a victim’s computer.   

Any from of social media or electronic communication can form part of a phishing attempt. 

Action Fraud warn that you should never assume an incoming message is from a genuine company – especially if it asks for a payment or wants you to log on to an online account. 

Banks and other financial institutions will never email looking for passwords or other sensitive information. 

An effected spam filter should protect from most of the malicious messages, although the user should never call the number at the bottom of a suspicious email or follow their link. 

Experts advise that customers should call the organisation directly to see if the attempted communication was genuine.  

According to Action Fraud: ‘Phishing emails encourage you to visit the bogus websites. 

‘They usually come with an important-sounding excuse for you to act on the email, such as telling you your bank details have been compromised, or claim they’re from a business or agency and you’re entitled to a refund, rebate, reward or discount.

‘The email tells you to follow a link to enter crucial information such as login details, personal information, bank account details or anything else that can be used to defraud you.

‘Alternatively, the phishing email may try to encourage you to download an attachment. The email claims it’s something useful, such as a coupon to be used for a discount, a form to fill in to claim a tax rebate, or a piece of software to add security to your phone or computer. 

‘In reality, it’s a virus that infects your phone or computer with malware, which is designed to steal any personal or banking details you’ve saved or hold your device to ransom to get you to pay a fee.’ 

Source: Action Fraud



Source: Read Full Article