Hackers are reportedly stealing Netflix account information from customers who spend money on monthly cable subscriptions and are putting them available for sale on the expanding underground community for a surprisingly low price tag of $0.25.
Right now, customers are paying for $9.99 to gain access to Netflix. It appears, however, that many people do not want to spend so much for a Netflix account.
Security firm Symantec published a blog post explaining how attackers steal users' account details before putting them on sale on the black market.
How Hacker Steal Netflix Accounts
The report reveals two primary ways by which cybercriminals steal customers' account information.
1. Malware Campaign
A malware campaign tricks users into trusting that they have downloaded official Netflix software. Normally, the campaign dupes customers into thinking that they are getting a free or discounted account. The truth is, the software incorporates malevolent files that, when executed, install malware on the compromised computer.
Specifically, the software would download a trojan called Infostealer.Banload, which lifts essential details from the user's computer, including bank information and, yes, Netfllix account logins.
2. Phishing Campaign
Attackers also steal Netflix logins via phishing campaigns. Users are led to a fake Netflix site and asked to key in their credentials, payment information and personal information. Since Netflix allows up to four users on a single account, hackers can piggyback on subscriptions without the owners knowing.
Symantec says it uncovered a Netflix phishing campaign a few weeks ago fooling users into believing that their Netflix accounts have to be updated due to an issue with their payment. The campaign originated from netflix@fakt[REDACTED].com with this subject: Opdater Betalingsinformation. The website to which the campaign is linked is no longer active.
Netflix Generator
Symantec also reveals that the attackers use Netflix account generators to create new accounts using compromised payment details. Buyers may then either use these accounts for themselves or resell them underground.
How To Keep Attackers Out
Users should download only the official Netflix app from official sources. Also, be wary of emails that promise Netflix services for free or at a low price, and do not click links included in these emails as they are very likely phishing scams that will lead you to compromise your Netflix account and private information.