Hackers are selling your Netflix password for a measly $0.25
The company says credentials are generally stolen either by phishing emails, or by malware posing as Netflix apps that may also steal credentials for online bank accounts.
In other cases, third-party services supply their customers with log-in credentials that were stolen from legitimate Netflix viewers. The streaming service allows between one and four users on the same account, meaning that an attack can piggyback on a user’s subscription without their knowledge.
Netflix Denmark, meanwhile is subject to dedicated phishing campaigns. The hackers add the users’ information to a growing black market that offers cheaper access to the service.
The people behind these websites are actually providing access to hacked accounts, and you may end up sponsoring a crime ring without even knowing, or even worse, being infected with malware if the service asks you to install their custom app to access their service.
Symantec recommends that consumers subscribe only to the legitimate Netflix service.
In these phishing campaigns, attackers redirect users to a fake Netflix website to coax the user into providing login credentials, personal information and payment card details.
In the phising campaign, the compromised victims are sent an email which tells them to update their Netflix account as there is a potential problem with payment.
Symantec cited, in particular, a phishing campaign on January 21 that targeted Danish users.
If the buyer from Netflix black market leaves the information unedited, the genuine subscriber can still notice someone tampering his account via his “recently watched” list. But there’s actually significant demand for access to cheaper Netflix accounts. The sender was Netflix@fakt[REDACTED].com and the subject line read “Opdater Betalingsinformation”.
The word from Netflix black market is that customers are not to change their account details as it would alert the original subscriber about the suspicious invasion of his account. Symantec says that users can be tricked into downloading the malware by ads that claim to offer less expensive access to Netflix. “You can generate nearly unlimited accounts per day”.
The security firm Symantec wrote on its official blog that hackers illegally acquire account information from Netflix subscribers and then offer the stolen information for sale on the black market.