2, 5, 7. CBS, NBC, ABC. Watching TV used to be as simple as ABCs and 123s. Cable TV gave us more to watch, and now streaming our shows and movies on-demand is how this generation will understand the concept of “TV”. The proliferation of services like Netflix, Hulu and Disney+ mean that more and more families are changing the way they consume and pay for entertainment. Chances are that you subscribe to one or more of the services mentioned above.
Each service offers a vast selection of entertainment at your finger tips. Each service also requires a unique account in your name and your credit card on file to bill you. Instead of one account and payment due to a cable TV provider, we might have a dozen accounts to keep tabs on. Netflix and services like it, are prime targets for hackers. Whether someone is interested in compromising your account to watch free TV or to gain access to your billing and credit card info, the techniques are the same and begin with a phish. You’ve probably seen messages like these a little too often.
Phishing emails are increasingly difficult to distinguish from the real thing. There are fewer spelling and grammatical errors to assist you in spotting a phish. Combined with official looking branding and a sense of urgency, it’s understandable how these messages might fool you.
Can you spot the phishing messages in this post without additional context? Two are legit and two are phishy.
Here are a few simple things you can do to protect your identity and keep your media accounts secure.
- If you receive an email purporting to be from a service that you subscribe to, pause and ask yourself a few questions – Were you expecting the message? Was it received at an odd time? Who is the sender? Look at the sender’s address and examine links to reveal the origin of the message.
- Avoid using the same username and password for all of your TV accounts. It’s tempting to use a password that you’ve used before because it is easy to remember. The bad guys trying to compromise your account know this well and will get their hands on a password of yours and try it on all accounts that you might have, a technique called credential stuffing.
- When in doubt about a source of a message, interact with your service provider directly through their website or app. (e.g netflix.com, hulu.com, etc.)
- If you’ve clicked a link, provided personal information, or otherwise feel that you account has been compromised, don’t panic. Reset your password and report the incident to your service provider.
Want to practice your phish spotting technique? Google’s free phishing quiz will test your ability to spot a fake. https://phishingquiz.withgoogle.com/
As always, thank you for reading! We’d be honored if you binge-read our posts and share what you’ve learned with friends and family.
And now, back to our regularly scheduled programming…
#SimpleSecurity #BeCyberSmart #CyberAware