Scammers are targeting websites lacking reliable protection in an effort to distribute phishing pages more easily and effectively. These old websites are vulnerable to hacking through well-known exploits, which pave the way for phishing attacks.
Kaspersky experts say fraudsters are taking advantage of these websites by placing fake pages that gather private and banking data. This data can then be used to steal money from victims, often under the guise of popular services, such as streaming platforms.
According to Kaspersky’s latest research, attackers are focusing their malicious activity on WordPress sites due to known vulnerabilities. In some cases, cybercriminals may not rely solely on software exploits to compromise sites.
Instead, they may target site administrators with weak passwords or leaked credentials, enabling them to gain unauthorized access to the control panel and publish phishing pages.
The surge in popularity of streaming services has made them a prime target for cybercriminals. Kaspersky experts are consistently discovering cunningly crafted phishing pages that mimic well-known streaming platforms, such as Netflix, HBO Max, Hulu, and Disney+. Some of these pages are deceptively created by using old, hacked websites.
These phishing pages feature login forms resembling those of legitimate streaming services. The URL may also contain the correct (or modified) name of the targeted streaming service.
However, the actual name of the website has no relation to the service it is attempting to imitate. This deliberate manipulation aims to deceive unsuspecting users and trick them into divulging sensitive information.
When unsuspecting users submit their personal information, including account login credentials and banking details, they not only risk financial losses but also risk compromising their valuable data. Additionally, this data may be stored in the site’s control panel, where it could be accessed by unauthorized individuals.
“While streaming services have revolutionized our entertainment habits, it’s crucial to remain cautious in the digital realm,” said Olga Svistunova, a security expert at Kaspersky.
“We strongly recommend obtaining subscriptions exclusively from authorized sources to minimize the risk of falling victim to scams. Additionally, explore the availability of subscription-manager apps that offer a secure and convenient approach to managing your subscriptions.”
