Scammers are using fake Disney Plus emails to access users' personal data — especially their banking information. According to our colleagues at The Money Edit (opens in new tab), scammers send emails that tell victims they need to act immediately to prevent their accounts from being disabled. It's a close cousin of the banking scams, where seemingly-official email messages impersonate Bank of America and others which can easily lead to empty customer bank accounts.
Learn some of the things to watch out for, to avoid becoming the next Disney Plus scam victim.
Fake Disney Plus email basics
Scammers create lookalike email addresses and messages, which mirror official Disney Plus emails to confuse subscribers. A typical scam email tells the recipient that Disney Plus has been unable to renew their subscription due to a "technical incident".
Sign up for Kiplinger’s Free E-Newsletters
Profit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.
Profit and prosper with the best of expert advice - straight to your e-mail.
The goal of this tactic is to panic the victim into updating their billing information —using the link provided in the email — before their account gets canceled.
Of course, rather than going to the Disney Plus website (opens in new tab), the link takes users to a website that requests sensitive personal information, including bank login details. And, instead of resolving their non-existent subscription issue, scam victims grant unknown criminals unrestricted access to their bank accounts.
Classic phishing scams
The Federal Trade Commission (FTC) (opens in new tab) says this is all typical behavior from phishing scammers, who impersonate a variety of trusted businesses and organizations with lookalike emails to steal personal data and funds from victims.
Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment. This can include out of the blue email or text messages supposedly from familiar companies, including banks, telecoms, or online payment services. Don't buy it. The scammer could try one of several lines to obtain your personal info:
- "We've noticed some suspicious activity or log-in attempts;"
- "There's a problem with your account or your payment information;"
- "Can you confirm some personal or financial information;"
- "This is your latest invoice;"
- "Click this link to make a payment;"
- "You’re eligible to register for a government refund;" and
- "Claim your coupon for a free gift."
How to spot the fake Disney Plus emails
If you receive an unexpected email with similar messaging telling you to act immediately, don't panic. Take a moment to read the email all the way through.
Check the sender's email address, and hover over the URL they ask you to click. If the email address looks odd, or the link doesn’t look like the official Disney Plus URL, (https://www.disneyplus.com/ (opens in new tab)) proceed with caution.
Before clicking, try to log into your Disney Plus account in a separate browser tab and check around to see if your payment details are in order. If you're still concerned, reach out to Disney Plus on its support channels directly.
Disney (opens in new tab) states that it will never contact you via social media, email, text or phone asking for payment or your private accounts information such as a password or payment details.
Stop the scam after it's started
If you think you've fallen prey to a phishing scam and you've shared info with a fake Disney Plus website, immediately alert your bank and share details.
Your bank will be well-versed in handling scams. They should work with you to block any fraudulent transactions or transfers, cancel cards, and refund any lost funds from the scams.
Be wary of follow-up scams. Now that criminals have your private details, they're likely to try to scam you again from totally different angles, using a variety of channels including phone, email, and even snail mail.
Protect yourself from the next scam
A spokesperson for Disney Plus said: “We encourage people to remain vigilant online, and to refer to our Disney Plus Help Center (opens in new tab) for more information on phishing and ways to keep your account secure (opens in new tab).”
Use your email service's "spam" button to add the scammer's email address to a potential threat database. This will protect you and other potential phishing targets from future messages from this address.
Report fake emails and phishing websites to the FTC at https://reportfraud.ftc.gov/ (opens in new tab), so they can take action to remove these websites.
Warn friends and family about a scam — but make sure to send them a screenshot instead of forwarding suspicious emails directly.
The FTC provides the following tips to protect your data across all your devices:
- Protect your computer by using security software. Set the software to update automatically (opens in new tab) so it will deal with any new security threats.
- Protect your cell phone by setting software to update automatically. These updates could give you critical protection against security threats.
- Protect your accounts by using multi-factor authentication. Some accounts offer extra security by requiring two or more credentials to log in to your account. This is called multi-factor authentication. The extra credentials you need to log in to your account fall into three categories:
- something you know — like a passcode, a PIN, or the answer to a security question.
- something you have — like a one-time verification passcode you get by text, email, or from an authenticator app; or a security key
- something you are — like a scan of your fingerprint, your retina, or your face
- Protect your data by backing it up. Back up the data on your computer (opens in new tab) to an external hard drive or in the cloud. Back up the data on your phone, too.
Related Content
- Netflix password sharing crackdown will affect 100 million users.
- Romance scams to beware - signs of a scammer at work.
- Crypto hackers stole a record $3.8 billion in 2022. Don't be next.
- Are you a money moron? Where's our financial common sense?
-
-
Three Legal Documents Your Child Should Sign When They Turn 18
Legal documents such as durable power of attorney, a healthcare proxy and a HIPAA release can give parents the legal right to make decisions if their child needs help.
-
JetBlue's TrueBlue Loyalty Program Now Gives Perks to Infrequent Flyers
JetBlue's TrueBlue loyalty program added new tiles and Mosaic levels to offers more ways for casual travelers to earn perks more regularly.
-
Tired of Scam Text Messages? The FCC Cracks Down
New scam text message rules from the FCC require carriers to block texts from bad numbers and protect consumers.
-
Tax Scam: IRS Warns Taxpayers Against Filing False W-2 Info
Scams A new tax scam on social media advises lying on your W-2 to falsely claim credits and bigger refunds.
-
Scams Cost Consumers $8.8 Billion in 2022 — The Top Five Frauds
Scams and frauds jumped to shocking new highs last year. Learn the top five types, and use our tips to protect yourself.
-
Romance Scams to Beware — Signs of a Scammer at Work
People seeking love and connection are attractive targets for fraudsters. Avoid these romance scams that prey on your best intentions.
-
Banking Scams: Beware Fraudsters Impersonating Your Bank
Scams — and the criminals behind them — are getting more creative in separating victims from their money.
-
Watch Out for Flood-Damaged Cars from Hurricane Ian
Buying & Leasing a Car In the wake of Hurricane Ian, more flood-damaged cars may hit the market. Car prices may rise further because of increased demand as well.
-
The Best Way to Protect a Parent from Scammers
Scams Adult children worried about their parents’ ability to spot and avoid fraud have several options to help protect them, including a durable power of attorney, a guardianship and a revocable trust. Which might be best for your family?
-
How to Avoid a Summer of Scams – Expert Tips to Help Aging Parents
Scams Financial professionals share their top tips to help avoid becoming a statistic in a summertime wave of identity theft, account hacks and telemarketing fraud.
