Trend Micro News

hackers may be the reason your netflix account is exceeding the user limit

Stealing the show: Why hackers want your Netflix information

hackers may be the reason your netflix account is exceeding the user limit

This post is updated in March 2021.

The beauty of Netflix, HBO GO, Hulu and other over-the-top streaming services is the on-demand functionality. Not only can users watch what they want when they want, they can also do so from a location and on a device of their choosing. All they need is the login and account information.

While this is incredibly convenient, as it ensures that paying customers will have access to their content when they want it, it also comes with a slight security drawback: Any person who somehow gains access to a user’s login information can have complete access to the account, and this doesn’t just include your sister’s friend’s boyfriend.

Hackers are selling Netflix accounts


In a recent blog post, Trend Micro discussed a growing cyber threat impacting Netflix users: account theft. Several tactics are being used to pilfer login data from legitimate customers of the streaming service, one of which is phishing scams. A user is somehow lured to a proxy login page that is designed to appear genuine. This could be through a fabricated promotional email, a popup from a website, spam from social media or some other online source. Upon entering login information, hackers get unfettered access to the user’s account.

Sometimes, the user doesn’t even have to enter his or her login information for it to be stolen. Some malicious links are designed to lead to a fake login page that is capable of automatically stealing account credentials. So what exactly do hackers want with Netflix accounts? Here’s a hint: It’s not so they can binge watch Mad Men.

“These stolen Netflix accounts could be perused by any black-market shopper and use the pilfered credentials for just about any paid online service,” Trend Micro noted. “The sophistication of the scam suggests that these schemes aren’t one-off jobs, but rather part of a proficient business model that potentially feeds the Deep Web economy.”

In fact, there are as many as 300,000 stolen accounts available on the Deep Web selling for as little as 25 cents a pop, or four for a dollar. That’s a small fraction of what a legitimate paying customer’s monthly bill amounts to. 

It’s also worth mentioning that similar tactics are being used to steal online banking credentials and other login information. According to NBC, hackers have been going after PayPal and Uber accounts, too. Uber accounts actually sell for more than Netflix accounts, averaging at about $3.78 in the cybercriminal underground, while PayPal credentials for accounts with $500 or more in them will go for $6.43. 

Netflix “free subscription” phishing scam


We’ve noticed some text messages such as this “Due to the pandemic, Netflix is giving everyone a free 1-year subscription to help you stay at home. Get yours here: (link)” were sent to many people recently. Be careful. These messages are phishing scams.

Scammers try to trick people into clicking the phishing link included in these messages, posing as Netflix and claiming to be giving away free subscriptions.
Similar methods apply in other phishing text messages. For example, scammers might ask you to track your delivery or to verify your account via the link they provide.

If you click on the link, you will either accidentally share your login credentials or other personal information with the scammers, or in a worse case, unknowingly download malicious files to your device.

Netflix free subscription phishing scam.
Netflix free subscription phishing scam. Source: Reddit


How do you avoid being scammed?


Awareness is the best form of free cybersecurity there is. When it comes to keeping your Netflix and streaming service login data away from hackers, diligent account management is key. As tempted as you might be to give your login credentials to all of your friends, this increases the likelihood that you’ll end up having your information stolen for several reasons. For one, it means that the account will probably have more activity, and this can throw you off a hacker’s trail. One of the best ways to know if fraudsters are getting a free show is by perusing the “recently watched” section for content that you, or other authorized users of the account, have not been watching. The only problem is that the more people you give your login info to, the harder this becomes, especially if they share your login info with other people. 

At some point, it may become obvious that your account information has been sold, for instance, if you frequently get a message stating that there are too many people watching at any given time. If this happens, Trend Micro recommends going into your account, selecting “Viewing Activity,” and then “See recent account access.” From here, you will have the option to “Sign out of all devices.” The next step is to change your user password to ensure that no one is accessing the account who shouldn’t be.

It is important to stay alert and check before your next move. Be aware of any too good to be true offers and unknown links sent or shared by people you don’t know. If you are unsure of content or request, you can copy/paste the link (URL) and send it to Trend Micro Check for immediate scam detection. Too lazy to copy/paste? You can send a screenshot directly to Trend Micro Check as well!

Check if the link is safe with Trend Micro Check in seconds.
Check if links are safe with Trend Micro Check in seconds.

Time also posted a few recommendations that can be of help. A tell-tale sign that your account has been hacked is a change in the language setting. These accounts may be purchased by online users across the globe. If at any point, your Netflix account is suddenly in a language other than the one you set it to, you should immediately sign out of all devices and change your password. It’s not a weird glitch; it’s a sign of account theft. 

Last but not least, be smart about the websites you visit and the links you open when browsing the Internet. Misspelled URLs, links that are shared in a strange context – for example, if someone shares a link to a Netflix account on Facebook and tags 50 friends in it – and emails allegedly from the content providers that are poorly worded, or don’t match the company’s anesthetic, sent to your inbox are all signs of phishing scams. By avoiding these, you can prevent having login credentials stolen in the first place.

It’s time to start fighting phishing scams and other tactics for credential theft more effectively. Take the first step by being a more conscious Internet user.