Latin America. Streaming is gaining more and more strength in the world, not in vain Digital TV Research estimates that there are 1,850 million subscriptions in the world and that figure is expected to reach 2,000 million by the end of 2026.
According to reports such as DataReportal and The CIU, about 22% of the Colombian population directly accesses services such as Netflix, HBO Max, Disney Plus, Apple TV, Prime Video, among others.
These figures make cybercriminals rub their hands together and that is why within the framework of World Personal Data Protection Day, which was celebrated on January 28, a call is made to be more cautious, taking into account that, according to Fortinet's threat intelligence analysis, Attackers have perfected their social engineering tactic, in which they design emails or text messages that almost perfectly mimic the aesthetics of well-known brands to mislead.
"The deception usually begins with messages that appeal to urgency, such as alleged billing errors, the immediate suspension of an account or promotions that are too good to be real. Its objective is to generate pressure and avoid verification, so it is key to be suspicious, always validate the source and go to official channels to counter this type of fraud," explains Arturo Torres, Director of Threat Intelligence for Fortinet's FortiGuard Labs in Latin America and the Caribbean.
Typically, these types of messages come with misspellings and contain links that lead to fraudulent websites, which are near-exact replicas of official pages, meticulously designed to capture login credentials and, most seriously, sensitive financial data.
"Once the user enters their information on these fake portals, criminals not only gain full control of the streaming account, but also open a gateway for more complex fraud, theft of personal data, and more far-reaching attacks," warns Torres.
The sophistication of these attacks has reached a point where Artificial Intelligence techniques are even used to personalize messages and bypass traditional security filters.
Cybercriminals analyze consumer trends and the most anticipated launches to launch massive phishing campaigns that coincide with world premieres, thus increasing the odds that an unsuspecting person will click through the excitement of the moment.
For organizations, this risk is transferred to the corporate environment when employees access these personal services from work devices or business networks, opening security gaps that can compromise sensitive business data. Resilience against these threats depends not only on advanced protection technology, but on a culture of cyber awareness where source verification and distrust in the face of alarming messages are the first line of defense.
Don't fall for it
1. Be wary of urgency and verify the source: Cybercriminals use panic to get you to act without thinking. In the event of any billing or error notifications, never click on the link in the message. Close the email or SMS and go directly to the official app or type the address of the platform in your browser to check the status of your account.
2. No legitimate company will ask you for your sensitive data via a link. Passwords, verification codes, or banking information should never be shared via email, text messages, or social media. If someone asks for them, it is not a formality: it is an attempt at fraud.
3. Enable two-factor authentication: This is the most robust layer of defense. Even if an attacker manages to trick you and obtain your username and password through a fake page, you will not be able to access your account without the additional code that arrives on your cell phone or authenticator application.
4. Digital security does not depend only on the user's attention, but also on the tools that protect them. Using reliable security solutions—such as up-to-date antivirus, anti-phishing filters, and password managers—can identify fake sites, block threats before they materialize, and significantly reduce the risk of exposure to digital fraud. In an environment where attacks are constantly evolving, having these tools is no longer optional, but a basic measure of protection.
5. Develop a critical eye for aesthetic perfection: With the use of AI, fake emails no longer always have glaring spelling errors. Look at the technical details: check that the sender's domain exactly matches the official brand (for example, not @https://www.google.com/search?q=netflix-pagos.com instead of @netflix.com) and hover over the buttons to see the actual URL before clicking. If something seems "too good to be true," it's probably a trap.
Reporting phishing attempts and reporting these messages to the affected platforms or entities not only helps stop the spread of these frauds, but also protects other users and strengthens the digital ecosystem. In the face of deception, silence favors criminals; reporting, on the other hand, becomes a key tool for collective protection.
