Emerging Threats

Netflix log in credentials being sold on the black market

Written by a NortonLifeLock employee


Attackers are setting their sights on stealing users’ Netflix credentials in order to sell them on the black market, providing access to the streaming service for less expensive prices.

Netflix’s popularity has grown a great deal since its launch in 1997. The company recently launched its streaming service globally, and it is now available in more than 190 regions around the world. As a result, this has attracted the attention of cybercriminals.

Attackers are using two methods to try to gain user credentials:

Malware disguised as Netflix

This malware campaign involves attackers using malicious apps posing as Netflix on compromised computers’ desktops. These files are most likely downloaded by users who may have been tricked by fake advertisements or offers of free or cheaper access to Netflix.

Phishing for Netflix credentials

In addition to attempting to obtain the login credentials through malware, attackers may target Netflix users via phishing campaigns. Phishing is essentially a con game and phishers are nothing more than tech-savvy con artists. In this particular case, they use spam emails to try to trick people into divulging Netflix account credentials. Since Netflix subscriptions allow between one and four users on the same account, an attacker could piggyback on a user’s subscription without their knowledge.

In these phishing campaigns, attackers redirect users to a fake Netflix website in order to trick users into providing their login credentials, personal information, and payment cards details. Luckily, fake websites are easy to spot, as the creators don’t spend a lot of time building them. These sites contain easy to spot errors, such as grammatical and spelling mistakes.

Graphics are missing, unprofessional, or just look bad. When in doubt, look for the padlock in the URL.

How to stay protected:

  • Only download the Netflix application from official sources such as the Google Play Store or Windows Store. There is currently no app available for Apple computers.
  • Steer clear of services that appear to offer Netflix for free or a reduced price, as they may contain malicious files or steal data.
  • Additionally, Norton Security protects users against the malware seen in this campaign.
  • You can also check if someone has access to your account by going into your user profile and clicking on “Viewing Activity.” If something looks awry, you can choose to sign out of all devices. Once you have done that, change your password to your account, thereby locking would-be thieves out of your account.

Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Copyright © 2023 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.