NCSC: Act Now to Protect Streaming Accounts

The National Cyber Security Centre (NCSC) has warned British internet users to protect their streaming accounts ahead of a summer of sport.

The GCHQ offshoot warned that such accounts can hold a trove of valuable personal and financial information for threat actors to harvest and use to make fraudulent payments or launch follow-on phishing, smishing and vishing scams.

“The UEFA Champions League final will kick off a great British summer of sport and those enjoying it online should be able to do so securely. If accounts aren’t secure, it’s really easy for criminals to access them and then proceed to target people with scam texts and emails,” said NCSC director of policy, Nicola Hudson.

“To help stay protected from this, we would urge people to visit cyberaware.gov.uk for advice on securing accounts and devices and the NCSC’s website for dealing with scam emails and texts.”

The NCSC urged internet users to change their passwords to a strong credential in order to mitigate the risk of credential stuffing, and to pay special care to their email log-ins —  if these are hijacked, attackers could reset and change their other passwords. On the Cyber Aware site, it’s also recommended to switch on two-factor authentication.

It also asked users to switch on automatic updates for all apps to address the risk of streaming software being exploited by cyber-criminals.

The past year has seen a spike in the use of streaming services as employees and students were forced to stay home under government-mandated lockdowns.

However, that’s also presented an opportunity for threat actors: in less than a week last April Mimecast said it detected the registration of over 700 suspicious domains designed to impersonate the Netflix brand.