AskCyberSecurity.com

Cyber Security News & Information

AskCyber Home » News » scam » WhatsApp Streaming Scam Steals Account Credentials

WhatsApp Streaming Scam Steals Account Credentials

by

WhatsApp Scam Offers Fake Free Streaming Service Subscriptions to Steal Account Login Credentials

A new WhatsApp streaming Scam steals streaming media service login credentials . The scam targets new and existing streaming service subscribers. Messaging in this scam attempts to trick subscribers into disclosing their account information in exchange for the false promise of free subscriptions or account credit. Cyber security researchers at ZeroFOX Alpha discovered the scam on WhatsApp but many social media channels have similar scams.

Streaming services like Hulu, Netflix, and Disney+ have experience massive increases in new subscriber sign-ups due to more people being quarantined at home. This presents an opportunity for hackers to take advantage those spending increased time at home.

This WhatsApp streaming scam lures in victims by offering free streaming service memberships or account credit to anyone who enrolls in the fake program. Many online service providers, websites, and apps are offering free content in the form of tutorials, lessons, books, and videos to entertain, educate, or otherwise help people occupy their time during the global quarantine. Messaging offers free access as another gesture of goodwill.

Hulu Streaming FIlms

This scam offer is crafted to look like it is posted by a legitimate service by using their branding, messaging, and graphics. If the reader clicks on the link in the WhatsApp message, it sends them to a spoof website also designed to look like it is a legitimate streaming service. The webpage reiterates the clam that streaming services will be free of charge during the pandemic. It also shows a counter of how many subscribers have acted upon the offer as social proof and to increase credibility.

The spoof website asks a series of questions then congratulates the victim for “winning” a free subscription. Victims are also instructed to share the offer with ten other people to activate their free subscription. They are then asked for their streaming account username and passwords. After completing the requests to get their free streaming service subscription or account credit – both of which are fake – the victim is redirected to the legitimate provider’s website to help disguise the scam.
Although this scam was spotted on WhatsApp, several these types of scams are circulating on social platforms

WhatsApp Streaming Scam

The scam falsely promises free monthly subscriptions in exchange for account login information. Scammers sell stolen account credentials on the dark web or use them to takeover an account. The Andy’s iPhone Hulu attack is an example.

Don’t Fall for Fake Streaming Scams

Although the messaging and design of online scams differs from campaign to campaign, most scams have some commonalities.

  • Online scams and phishing emails both scare the reader with a sense of urgency. They supposedly must act quickly to get something or take action to avoid a penalty
  • Scams often use “too good to be true” offer to get the reader to act without taking the time to examine the messaging
  • Online scams often link to website that look very similar to legitimate websites
  • Scams have a goal – steal money, account credentials, personal information

About Keith Harlock

Keith has 30 years of experience managing staff for the planning and design of highway, bridge and transportation-related projects and specialty structures. Keith oversees the development of and authors numerous reports on a variety of topics related to transportation engineering and has worked with several key clients on projects related to infrastructure security. Keith is a licensed professional engineer in the State of New York, currently a State Board member of the American Council of Engineering Companies of New York and is a licensed commercial pilot with an instrument rating. He resides in Western New York.