Netflix Accounts Are Being Used In Cyber Scams

Netflix has enjoyed huge success over the last couple of years. As stated in the company’s overview, they have over 93 million members in over 190 countries enjoying more than 125 million hours of TV shows and movies per day.

Not bad for a company that started out during the declining years of physical entertainment, renting out DVD’s by mail.

Unfortunately, success often comes at a cost. Along with the adulation and well wishing, it often garners other types of, unwanted, attention. In the case of Netflix, this attention, as you can imagine, is increasingly coming from malicious cybercriminals.

What exactly are they doing though?

How They Can Get You

Cybercriminals are using several methods to breach vulnerabilities in people’s accounts. People who are probably too busy binge watching shows like Black Mirror to know what’s going on. Oh the irony!

Among the methods these cybercriminals are reportedly using are the theft of user credentials that can be sold on the deep web, the exploiting of vulnerabilities, and most recently, the infecting of systems with Trojans capable of stealing the user’s financial and personal information.

What could a cybercriminal do with stolen user information though?

They could be sold on to other cybercriminals wanting to use the service for free. There’s another layer to the equation. A double-crossing of sorts; the lure of a free account could be used to trick someone into installing malware or ransomware onto their laptop.

Cybercriminals using details in this way can make a profit out of the initial selling of the information as well as by taking hostage of the same persons data. Never trust a criminal.

Trend Labs Security recently came across a ransomware luring Windows users via a pirate login generator. This is a typical way illegal websites share premium and paid for website details for free, as shown below.


Clicking the “Generate Login” button in this case leads to another prompt window that purportedly contains the stolen information of a genuine Netflix account. RANSOM_NETIX.A uses these fake windows as a distraction, however, all the while performing its encryption routine on 39 files, unbeknownst to most users.

The ransomware is employed using an AES-256 encryption algorithm and appends the files with the .se extension. As can be seen below, the ransom note demands $100 worth of Bitcoin (0.18 BTC).


This is actually relatively little, as ransomware demands go, some iterations demanding $500 dollars within a very short time frame. Others even ask you to infect your friends with ransomware in order to decrypt your information.

How Can You Keep Yourself Safe?

There are, of course, two victims in this ransomware scam; those who are unknowingly having their details used to lure the other type of victim, and the other one who receives the ransomware.

The first type of victim can perform a simple action if they suspect they’re account is being used illegally. Look through the “recently watched” section of your Netflix account to see if any shows are popping up that you haven’t seen. For this reason it’s good practice not to share your account with many people, however tempting it may be to allow friends or family in on the action.

It’s also good practice to stick to your provider’s security recommendations. As always, be wary of unsolicited emails pretending to offer legitimate services. A good antivirus, of course, can also act as a barrier to certain types of malware and cyber attacks.

For the second type of victim, the advice is simple; pay for the service. The ten euros a month in savings really won’t seem so great when the device it’s used on, and everything on it, is at the mercy of cybercriminals.