The National Fraud Intelligence Bureau (NFIB) has identified a number of Action Fraud reports whereby people have purchased logins for Netflix, Spotify, Sky Go and Hulu accounts via eBay only to find out that they are suspicious.
Fraudsters are offering discounted rate “subscriptions” for sale via eBay to victims who might be unaware they are buying compromised account information.
In some cases reported to Action Fraud, those who have bought the subscriptions have logged into the account only to find out that it isn’t registered in their name.
In other instances victims have only been able to access the accounts for a short period of time, presumably because the service provider has blocked the account, or the genuine account holder has changed their password.
Purchasers unwittingly become the hackers
Individuals who purchase these accounts via these platforms are attempting to save money off the standard subscription fees. However they risk both committing a hacking offence by continuing to access an account that clearly does not belong to them, and/or losing money if they are then not able to access the account because it has been shut down or the login details are changed.
Don’t risk taking a chance on these types of deals just to save a few pounds. Contact the genuine service provider before taking advantage of any discounts on offer, to verify their authenticity.
Hackers could have obtained this account information from:
- Stolen identity and card payment data, or
- Login details that have been obtained from phishing/smishing/malware or code generating programs.
Once login details have been stolen or created it is suspected that they are then sold on the Dark Web before being on-sold on to members of the public via eBay (or other auctions sites) and social media platforms. The Dark Web is a collection of underground websites that use anonymity tools to hide IP addresses.
International Business Times UK recently reported that cybercriminals are selling access to customer accounts from companies including Amazon, EE, Vodafone, Uber and Netflix - as well as offering tutorials on how to use these details - from as little as 34p on the Dark Web.
To prevent your accounts being hacked you should
- Create strong passwords: Use at least eight characters and a random mixture of upper and lower case, numbers, punctuation, spaces and symbols. You should change passwords often and never use the same one twice.
- Never open email attachments or click on links from strangers: Viruses are often spread via attachments on emails, so if you don’t know what an attachment is, do not open it. If you have clicked on a link in the email, do not supply any information on the website that may open.
- Enable two-factor authentication: Two-factor authentication is one of the best things you can do to make sure your accounts don't get hacked. Find out how to enable it here for a variety of popular online services.
- Install antivirus and turn on your firewall: By keeping your firewall switched you can prevent access to your computer from unknown outside sources. You should also always use legitimate antivirus software and keep it up to date.
To report a fraud and receive a police crime reference number, call Action Fraud on 0300 123 2040 or use our online fraud reporting tool.