Jump directly to the content

NETFLIX and Prime Video users have been warned they are the target of a near constant stream of scams looking to takeover their accounts.

A new report from cybersecurity experts at Bitdefender has warned that the sale of stolen streaming accounts are flourishing on the dark web.

Tens of thousands of 'lifetime' Netflix accounts have been sold by a popular seller known as 'bulkversion'
2
Tens of thousands of 'lifetime' Netflix accounts have been sold by a popular seller known as 'bulkversion'Credit: Bitdefender

Cybercriminals, according to the team, are mirroring legitimate retail sites.

Listings of stolen streaming accounts, which are on sale for between $5 and $15 (£4-£12), are fit with customer reviews, bulk deals, and even "warranties".

"Many subscription plans offer 'lifetime guarantees'," Bogdan Botezatu, director of Bitdefender's Threat Research and Reporting division, told The Sun. "Meaning customers are able to order the subscription as a one-time purchase which lasts 'for life'."

He added: "While the validity of this claim is difficult to measure, it can be tracked through consumers reviews of the product."

READ MORE ON STREAMING

To keep up with promises of 'lifelong' subscriptions, and warranties, crooks most likely "get their hands on fresh accounts at a constant rate," Botezatu explained.

Fraudsters do this either by phishing customers and hijacking accounts for dark web buyers, or by creating new accounts with the payment details from stolen credit cards.

"Cybercriminals can create fresh accounts and add stolen or fraudulent payment mechanisms such as credit cards or gift cards for services that support this type of payment," added Botezatu.

"Some other fraudulent operations focus on getting money via gift cards from victims.

"These businesses often trade gift card balance for a fraction of their value in crypto-currency.

"Those who buy gift card money can then pass this 'value' down as streaming accounts to customers."

Dark web revealed - how the internet's shadowy twin fuels cybercrime and empowers digital privacy

Just last week, Bitdefender warned Netflix users over a bank-raiding scam that can their accounts - plus their credit card information.

Customers are send dodgy text messages containing fraudulent Netflix links.

The messages claim that the recipient has failed to pay for their subscription and that their account will soon be suspended if they don't make up the balance.

The link then takes them through to a fake Netflix page, allowing scammers to harvest their login details and payment information.

Sellers rely heavily on the reviews they receive.

The listings in the image above, supplied by Bitdefender, show sellers garnering a level 8 in reputation - a good sign that buyers are happy with the purchases they made.

READ MORE SUN STORIES

Tens of thousands of 'lifetime' Netflix accounts have been sold by a popular seller known as 'bulkversion' - suggesting an even higher number of customers have been scammed out of accounts.

While Netflix and Prime Video are the two biggest platforms in demand on the dark web, other US services like Hulu and Blaze TV are also popular.

All sorts of accounts are sold on the dark web
2
All sorts of accounts are sold on the dark webCredit: Alamy

What is the dark web?

The internet is actually made up of three different layers: the surface web, the deep web and the dark web.

The top layer, the surface web, are sites that show up using search engines such as Google - like The Sun website that you're looking at right now.

The deep web is made up of web pages that search engines can't access.

These are sites hidden, or accessed via passwords and authorisation.

Any time you log into an account you're accessing deep web content that won't show up on a search engine.

This means that if someone was to Google your name, your banking information or Amazon wishlist won't show up in the results.

Meanwhile, the dark web is a network of untraceable online activity and websites on the internet.

They cannot be found using search engines and to access them you need to use specific software, configurations or have authorisation.

The dark web isn't illegal in the UK or US.

That's partly because the dark web isn't inherently bad, despite often hosting criminal content.

However, it is difficult to stop people from accessing the dark web, and track who exactly is using it.

So outright banning the dark web may not be ethical or enforceable.

Topics