Scammers are currently setting their sights on various websites lacking reliable protection, as they search for a more accessible and efficient means to disseminate phishing pages. These older sites, due to their lack of support and maintenance, have now become susceptible to hacking through well-known vulnerabilities, thereby opening the gateway for phishing attacks.
Exploiting Websites for Data Theft
Shedding light on this issue, experts from Kaspersky reveal the tactics employed by fraudsters who exploit these websites by embedding counterfeit pages that stealthily harvest private and financial data. This ultimately leads to the theft of money, all under the guise of popular services, including prominent streaming platforms.
Kaspersky’s most recent research underscores that malicious actors are concentrating their malevolent endeavors on WordPress sites, capitalizing on their known weaknesses. In certain instances, cybercriminals may not solely depend on software vulnerabilities to compromise these sites.
Instead, they focus on site administrators who possess feeble passwords or credentials that have been compromised and leaked, thus enabling unauthorized entry into the control panel where they can publish phishing pages.
Often, these compromised sites exhibit non-functional buttons on their homepages, which attackers exploit by substituting the original directories with deceptive ones housing phishing content.
Deceptive Pages Mimicking Streaming Platforms
The burgeoning popularity of streaming services has rendered them an attractive target for cybercriminals who eagerly exploit this trend.
Kaspersky experts consistently uncover meticulously designed phishing pages that closely mimic reputable streaming platforms such as Netflix, HBO Max, Hulu, Disney+, and more. Among the scrutinized pages, some are cleverly generated by leveraging old, hacked websites.
These deceptive phishing pages present login forms that bear a striking resemblance to those of Netflix, while the URL carries the correct (or altered) name of the targeted streaming service.
Yet, the actual name of the website bears no relation to the service it attempts to replicate. This calculated manipulation aims to mislead unsuspecting users and entrap them into revealing sensitive information.
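The mismatch described above can be checked mechanically. The following is an added example, not part of the original article or of Kaspersky's research: a heuristic that flags URLs naming a streaming service (correctly or with look-alike characters) while the host is not one of that service's domains. The brand-to-domain table, the look-alike mapping and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: illustrative brand -> official domain table; verify before real use.
OFFICIAL_DOMAINS = {
    "netflix": {"netflix.com"},
    "hbomax": {"hbomax.com"},
    "hulu": {"hulu.com"},
    "disney": {"disneyplus.com"},
}

# Assumption: a small look-alike map so "netfl1x" and "netflix" compare equal.
LOOKALIKES = str.maketrans({"1": "l", "i": "l", "0": "o", "3": "e", "5": "s"})


def skeleton(text):
    """Lowercase, fold look-alike characters, drop separators and punctuation."""
    folded = text.lower().translate(LOOKALIKES)
    return "".join(ch for ch in folded if ch.isalnum())


def brand_mismatch(url):
    """Return brands named in the host or path whose host is not official."""
    parts = urlsplit(url if "//" in url else "//" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    haystack = skeleton(host + parts.path)
    hits = []
    for brand, domains in OFFICIAL_DOMAINS.items():
        if skeleton(brand) not in haystack:
            continue  # brand is not mentioned anywhere in the URL
        # Official only if the host is the domain itself or a subdomain of it.
        if not any(host == d or host.endswith("." + d) for d in domains):
            hits.append(brand)
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample URLs; none of them comes from the article.
    samples = [
        "https://old-bakery.example/wp-content/netflix/login.php",
        "http://blog.example/netfl1x-renew/",
        "https://netflix.com.account-verify.example/",
        "https://www.netflix.com/login",
    ]
    for sample in samples:
        print(sample, "->", brand_mismatch(sample) or "no mismatch")
```

Substring matching on a folded string is a coarse heuristic and will produce false positives on unrelated words that happen to contain a short brand name, so treat a hit as a reason to inspect the page, not as a verdict.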
Misleading Users for Data Disclosure
As unsuspecting users endeavor to register for a streaming account, they unwittingly disclose their personal details, such as account login credentials and banking information (including CVV codes).
This has far-reaching consequences, as users not only suffer financial losses but also face the peril of compromising their valuable data.
Furthermore, the perpetrators store the stolen data in the site's control panel. Web shells present on the site grant unauthorized access to this information, exposing the victims' data to a wider audience.
Introducing SubsCrab
Olga Svistunova, a security expert at Kaspersky, emphasizes the need for vigilance in the digital domain despite the revolutionary impact of streaming services on our entertainment habits. She strongly advises procuring subscriptions exclusively from authorized sources to minimize susceptibility to scams.
Additionally, she suggests exploring the utility of subscription-manager applications that offer secure and convenient ways to manage subscriptions.
By harnessing these apps, users can safely renew subscriptions, retain control over their accounts, and safeguard sensitive information from potential threats.
In this regard, subscription management software such as SubsCrab, an initiative stemming from Kaspersky, provides a seamless solution for tracking subscriptions, streamlining payment reminders, and identifying opportunities to save money.
With its user-friendly interface and robust features, SubsCrab ensures effortless subscription management, empowering users to maintain organization and financial prudence.