This is how the mafias that steal Netflix, HBO Max or Disney + accounts act

It is not uncommon to find on social networks that profiles of Netflix, HBO Max or Disney+ at a lower price than the official one. Many may feel attracted because it represents savings compared to the options offered by the same streaming platforms, but what they do not know is that they could be part of the streaming business. cybercriminals.

“If someone contracts a cheaper service, using someone else’s credentials, it is surely a pirated access. There is an informal business selling credentials”, says Fabio Assolini, director of the research and analysis team for Latin America at Kaspersky, to El Comercio.

LOOK: WhatsApp: how do I know if another person has logged in with my account on another device?

This type of fraud is called audiovisual fraud and in the world of streaming it is nothing new. In 2016 there was a report of the sale of Netflix accounts at lower prices in Brazil. Although an exact figure was not mentioned, it was emphasized that the popularization of the platforms has drawn the attention of cybercriminals.

In turn, the director of cyberintelligence at cybersecurity company Tarlogic, Jessica Cohen, told Business Insider that theft of service access credentials is one of the most prevalent in the industry. “We are talking about large volumes of stolen account sales”, he added.

This type of scam has become more notorious in recent years with the increase in streaming platforms. no longer alone Netflix, we also have Prime Video, HBO Max, Disney+, Star, Hulu and a long list of others.

Cybercriminals are on the lookout to steal accounts on platforms like Disney+, Netflix, and others. (Yeko Photo Studio/)

How audiovisual fraud operates

This kind of scam is known as audiovisual fraud. This mode consists of cybercriminals steal access to streaming platforms to then sell profiles on the internet.

But beyond its meaning, the specific question here is: how does it work? “Users of streaming sites receive many phishing attacks, in which the challenge for criminals is to steal their password. ”, comments the Kaspersky expert.

Fabio Assolini is Director of the Research and Analysis Team for Latin America at Kaspersky

Just to remind, Phishing is a social engineering technique used by cybercriminals to obtain private information from users. To do this, hackers send fake emails or text messages that lure people into handing over their passwords and personal details.

Did you receive an email reporting an alleged error in the account or in the method of payment? Could be phishing.

In turn, if you already have a Netflix or Disney+ account with the profiles created, it is more difficult to notice that there is an intruder. Perhaps you notice that some series are in season three, when you had not even seen it.

On the Internet we can find that Netflix accounts and other platforms are promoted. (Securelist/)

Characteristics of audiovisual fraud

There are several characteristic features of audiovisual fraud, Assolini points out. One of them is that if the account is for individual use, the cybercriminal could block access to the owner and then sell it on the black market independently.

Another feature is that if the account in question is family, it is likely that the owner will find another user registered in his profilewho will be accessing the account fraudulently, says Assolini.

LOOK: How are cybercriminals using links to Google Translate to create phishing campaigns?

It should be noted that if it is a family account, people may enter an already created profile.

One possible scenario is that cybercriminals steal credit card access to pay for these services and then sell the profiles. They are also known to be in a position to carry out all manner of financial fraud.

Netflix is ​​one of the most popular streaming platforms in the world, and as such, it is not exempt from cyberattacks. (OLIVIER DOULIERY/)

How to avoid phishing

The method for a person to lose access to their Netflix or Disney+ account is through the phishing. We already mentioned that it is a bait for the victim to click, log in and provide their confidential data without realizing it. But, what can we do to avoid falling for this tactic that is one of the favorites of cybercriminals, according to experts?

Source: Elcomercio