Hackers are reportedly using a phishing campaign that tells users that their
To target users with the Netflix suspended account scam, hackers send an SMS saying that there was an issue processing their payment and instructing them to sign in and “confirm” their details by tapping on a link. Users who do so are taken to the phishing website.
In order to convince users that the phishing website is legitimate, the hackers prompt them to solve a simple math problem in order to prove they are not a robot. However, a glance at the URL of the phishing website would reveal that it is not hosted on Netflix’s domain (netflix.com).
Users are then prompted to enter their email address and password on the phishing website, which appears to be identical to the official Netflix login page. The hackers gain access to the user’s credentials — granting them access to their account, as the service does not offer any form of two-factor authentication.
The hackers then show users a page that says their account is temporarily suspended as their primary payment cannot be billed. They are then asked to enter a credit or debit card number and expiry date, along with the CVV number. The hackers also offer users an option to purchase gift cards, which are only available in some countries.
Once these details have been stolen, hackers sell the Netflix credentials and the credit card information on the dark web. The security firm also shared screenshots of some of these credentials available for purchase for as little as $2.99 (roughly Rs. 250), which can be purchased by buyers using cryptocurrencies.
To keep their information safe from hackers, users should only trust emails sent from the Netflix.com domain (these are delivered via email, not SMS), and it is easy to check the sender’s information. If users receive a message, they can visit the Netflix site by typing the netflix.com URL in the address bar and checking their account after logging in.
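The URL check described above (is the link really hosted on netflix.com?) can also be automated, for instance in a message filter. The Python below is an added example, not code from the article or from Netflix; the function names and the sample SMS, which uses reserved .example domains, are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "netflix.com"  # the only domain the article says to trust

# Matches http(s) links inside free text such as an SMS body.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def is_official_host(url, domain=OFFICIAL_DOMAIN):
    """True only if the URL's host is the domain itself or a subdomain of it.

    A substring test ("netflix.com" in url) is not enough: it would accept
    hosts that merely contain or start with the brand name.
    """
    try:
        # .hostname drops any "user@" prefix and the port, and is lowercased.
        host = urlsplit(url).hostname
    except ValueError:
        return False
    if not host:
        return False
    host = host.rstrip(".")
    return host == domain or host.endswith("." + domain)


def suspicious_links(message, domain=OFFICIAL_DOMAIN):
    """Return the links in a message that are NOT hosted on the official domain."""
    urls = [u.rstrip(".,;:!?)") for u in URL_RE.findall(message)]
    return [u for u in urls if not is_official_host(u, domain)]


# Constructed sample modelled on the SMS the article describes.
SAMPLE_SMS = (
    "Netflix: there was an issue processing your payment. Sign in to "
    "confirm your details: https://netflix.com.account-verify.example/login"
)

if __name__ == "__main__":
    for link in suspicious_links(SAMPLE_SMS):
        print("not hosted on", OFFICIAL_DOMAIN + ":", link)
```

The check compares the parsed hostname rather than the raw text, so a link that only begins with or contains "netflix.com" is still flagged.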