Other ways to search: Events Calendar | UTHSC

SPAR – Cybersecurity Scam of the Week – Online Streaming Scams and Risks


It is estimated that about 80% of U.S. consumers now subscribe to at least one paid streaming service, up 73% from pre-COVID days. Online streaming sites are a highly lucrative market for cybercriminals to launch attacks and steal personally identifiable information (PII).

Remember back in 2019 when Disney launched Disney+ and thousands of accounts were stolen and for sale on the dark web? Not only do online streaming sites have masses of subscribers, but it is also common for users to share their login credentials with friends and family. Password sharing and recycling on these sites make them a prime target for distributing malware, launching spam, and phishing attacks.

What Are the Risks of Online Streaming?

When it comes to entertainment-based online streaming applications, security often takes the backseat. Just as all popular trends go, the increase in streaming use has opened a new attack vector for cybercriminals and can present different risks for users. These include:

Identity theft and fraud: Many online streaming sites require users to create an account for their services. Typically, people tend to use the same email address or username for all our accounts. Research by Google reports as many as 65% of people reuse the same password for multiple or all accounts.

If users utilize the same password on numerous sites, and it is discovered, it makes it easy for hackers to obtain access to other accounts. Cybercriminals can then extract confidential data and sell it to third parties, putting users at risk of identity theft and scams.

Malware: Many illegal online streaming sites are riddled with malware or adware disguised as pirated video files. Malicious software can infect other devices connected to a network and give hackers direct access to private files on a device. Malware may also make your device slow down or appear non-responsive, serve pop-up windows or ads, or take you to sites you don’t want to visit.

Phishing: Phishing scams often imitate streaming platform login pages or send fake emails that appear to be from popular streaming services, to trick users to confirm their payment details or add their billing information. If recipients enter their credentials, cybercriminals can use their sensitive information to deliver future phishing attempts, obtain access to other accounts, or retrieve the credit card information linked with the account.

Inappropriate content: Watching content via an unauthorized website, a modified box, stick or add-on can expose younger viewers to explicit advertisements and age-inappropriate content.

How to Stay Safe While Streaming Online

Use legal streaming services:  There are many legal streaming services available, such as Amazon Prime, Netflix, and NOW TV. These “subscription video on demand” (SVOD) services have been growing in popularity over recent years and have clean, dedicated apps and sites with no malware or adware threats.

Avoid sharing data with untrusted platforms: You should never share your personal data with unknown sites or apps that you don’t know or trust.

Don’t click on suspicious links: Cybercriminals often embed malware into disguised images or hyperlinks. Never click on suspicious download prompts or links.

Password protection: Use a strong password, including lowercase and uppercase letters, numbers, and symbols. Never reuse the same password for different accounts.

What else has been reported to abuse@uthsc.edu this past week?

  • [Ext] REMITTANCE ADVICE, Payment **numerous numbers** –  a classic invoice, or ACH, scam wanting the recipient to click on an attachment. Different people on campus reported this with different “invoice” numbers in the subject field. Scammers do this, so if we block a certain subject line, others will go through.
  • Office 365 email verification: We received a request from you – an email stating there was a request to terminate an Office 365 account. You only have to “click here” to verify if you want to keep the account.
  • [Ext] Assistance Needed ! – another gift card scam making its way through a department.
  • [Ext] Are you available at the moment? – the same thing with a different subject line. The start of a gift card scam.
  • {Password}Expiration for **NetID** on January 21, 2022 – another attempt to scare users into clicking a link to “Keep Same Password”, which is against UT password policy.

Keep reporting suspicious emails to abuse@uthsc.edu for examination and any other questions for the Office of Cybersecurity should utilize TechConnect to report an incident.