Hackers Using Netflix Suspended Account Scam in Several Countries

Hackers are reportedly using a phishing campaign that tells users that their Netflix account has been suspended, in order to prompt them to visit a maliciously crafted website that is used to steal their Netflix password and banking information. According to details shared by a security firm, criminals are using a sense of urgency to prompt people to provide their payment information on phishing websites. Netflix does not currently offer support for two-factor (2FA) authentication, which adds a second layer of protection in addition to the user’s password.

Stolen Netflix User Data Could End Up on the Dark Web

Bitdefender recently identified a new phishing scam that is designed to convince users that their Netflix account will be suspended, due to a failed payment. According to the security firm, hackers are using the scam to steal a user’s Netflix username and password, while also collecting their banking information.

Hackers guide users through the process of sharing their logins and banking information
Photo Credit: Bitdefender

In order to target users with the Netflix suspended account scam, hackers send users an SMS that tells users that there was an issue processing their payment, instructing them to sign in and “confirm” their details by tapping on a link. Users who do so are taken to the phishing website.

In order to convince users that the phishing website is legitimate, the hackers prompt them to solve a simple math problem in order to prove they are not a robot. However, a glance at the URL of the phishing website would reveal that it is not hosted on Netflix’s domain (netflix.com).

Users are then prompted to enter their email address and password on the phishing website, which appears to be identical to the official Netflix login page. The hackers gain access to the user’s credentials — granting them access to their account, as the service does not offer any form of two-factor authentication.

Netflix user data is being sold for as little as $2.99 on the dark web
Photo Credit: Bitdefender

The hackers then show users a page that says their account is temporarily suspended as their primary payment cannot be billed. They are then asked to enter a credit or debit card number and expiry date, along the CVV number. The hackers also offer users an option to purchase gift cards, which are only available in some countries.

Once these details have been stolen, hackers sell the Netflix credentials and the credit card information on the dark web. The security firm also shared screenshots of some of these credentials available for purchase for as little as $2.99 (roughly Rs. 250), which can be purchased by buyers using cryptocurrencies.

In order to keep their information safe from hackers, users should only trust emails sent from the Netflix.com domain — these are delivered via email, not SMS — and it is easy to check the sender’s information. If users receive a message, they can visit the Netflix site by typing the netflix.com URL in the address bar and checking their account after logging in.