Netflix Accounts Are Being Used In Cyber Scams
Netflix has enjoyed huge success over the last couple of years. As stated in the companyâs overview, they have over 93 million members in over 190 countries enjoying more than 125 million hours of TV shows and movies per day.
Not bad for a company that started out during the declining years of physical entertainment, renting out DVDâs by mail.
Unfortunately, success often comes at a cost. Along with the adulation and well wishing, it often garners other types of, unwanted, attention. In the case of Netflix, this attention, as you can imagine, is increasingly coming from malicious cybercriminals.
What exactly are they doing though?
How They Can Get You
Cybercriminals are using several methods to breach vulnerabilities in peopleâs accounts. People who are probably too busy binge watching shows like Black Mirror to know whatâs going on. Oh the irony!
Among the methods these cybercriminals are reportedly using are the theft of user credentials that can be sold on the deep web, the exploiting of vulnerabilities, and most recently, the infecting of systems with Trojans capable of stealing the userâs financial and personal information.
What could a cybercriminal do with stolen user information though?
They could be sold on to other cybercriminals wanting to use the service for free. Thereâs another layer to the equation. A double-crossing of sorts; the lure of a free account could be used to trick someone into installing malware or ransomware onto their laptop.
Cybercriminals using details in this way can make a profit out of the initial selling of the information as well as by taking hostage of the same persons data. Never trust a criminal.
Trend Labs Security recently came across a ransomware luring Windows users via a pirate login generator. This is a typical way illegal websites share premium and paid for website details for free, as shown below.
Clicking the âGenerate Loginâ button in this case leads to another prompt window that purportedly contains the stolen information of a genuine Netflix account. RANSOM_NETIX.A uses these fake windows as a distraction, however, all the while performing its encryption routine on 39 files, unbeknownst to most users.
The ransomware is employed using an AES-256 encryption algorithm and appends the files with the .se extension. As can be seen below, the ransom note demands $100 worth of Bitcoin (0.18 BTC).
This is actually relatively little, as ransomware demands go, some iterations demanding $500 dollars within a very short time frame. Others even ask you to infect your friends with ransomware in order to decrypt your information.
How Can You Keep Yourself Safe?
There are, of course, two victims in this ransomware scam; those who are unknowingly having their details used to lure the other type of victim, and the other one who receives the ransomware.
The first type of victim can perform a simple action if they suspect theyâre account is being used illegally. Look through the ârecently watchedâ section of your Netflix account to see if any shows are popping up that you havenât seen. For this reason itâs good practice not to share your account with many people, however tempting it may be to allow friends or family in on the action.
Itâs also good practice to stick to your providerâs security recommendations. As always, be wary of unsolicited emails pretending to offer legitimate services. A good antivirus, of course, can also act as a barrier to certain types of malware and cyber attacks.
For the second type of victim, the advice is simple; pay for the service. The ten euros a month in savings really wonât seem so great when the device itâs used on, and everything on it, is at the mercy of cybercriminals.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
