The popularity of Netflix has created a black market of user credentials for the streaming service. Netflix accounts allow up to four users to simultaneously stream movies and TV shows from the same account. Subsequently, user credentials are stolen then sold for the purpose of piggybacking on existing accounts. 

A recent report points to a large black market operation which combines phishing schemes targeting Netflix account holders and a hidden marketplace to resell the credentials. Along with other popular online services such as PayPal and Amazon, there has been a steady increase in Netflix phishing emails attempting to harvest credentials. According to the authors of the report at Symantec, a recent phishing campaign targeted Danish users: “The phishing email tried to trick users into believing that their Netflix account needed to be updated, as there was an issue with their monthly payment.” It’s important to remember that services like Netflix never request personal information through email, including payment information or account passwords.

Once the account information is stolen it is then stored in a database and sold to users who want to watch Netflix for a fraction of the price or to resellers. “In most advertisements for these services, the seller asks the buyer not to change any information on the accounts, such as the password, as it may render them unusable. This is because a password change would alert the user who had their account stolen of the compromise.” In the example provided in the report, resellers of hacked Netflix accounts were charging $0.25 USD per account. 

The report also notes the prevalence of malware which disguises itself as the Netflix application. Users who download Netflix from unofficial sources or click on advertisements for Netflix services at a reduced price have been infected with malware disguised as the Netflix installation file. In one example, the files were “downloaders that, once executed, open the Netflix home page as a decoy and secretly download Infostealer.Banload. Banload steals banking information from the affected computer.” 

To safeguard your computer and Netflix credentials, ensure you and your family members never respond to emails prompting you to provide account information or download popular programs from unofficial sources. And always remember to protect your computer with an up-to-date antivirus program.