Share

Top 5 Stories

News

Netflix Scam Uses Elaborate Tech Support Ruse

16 April 2014

Netflix is being used in a new phishing scam that lures victims into calling a “tech support” line, connecting to a live human that proceeds to probe around the user’s PC and lift information, behind an elaborate cover.

Malwarebytes researcher Jerome Segura uncovered the scam when he came across what he thought was a typical phish targeting Netflix users, warning that there was an issue with the account. 

“Of course it stole my credentials,” Segura said in an analysis. “But it also displayed a message saying my account had been suspended.”

Upon being urged to call “Netflix” at an 800-number, he did so, and talked to a rogue support representative, who asked him to download “NetFlix support software,” which is actually the popular remote login program TeamViewer.

But it gets even more elaborate. “After remotely connecting to my PC, the scammer told me that my Netflix account had been suspended because of illegal activity,” Segura said. “This was supposedly due to hackers who had infiltrated my computer, as he went on to show me the scan results from their own ‘Foreign IP Tracer,’ a fraudulent custom-made Windows batch script. According to him, there was only one thing to do: To let a Microsoft Certified Technician fix my computer.”

From there, Segura was given an invoice and a bogus $50 Netflix coupon, and transferred to said technician, who asked for a picture ID and a photo of a credit card. When he said he couldn’t do that, the hackers activated his webcam so that he could show these cards to them.

Meanwhile, during the conversation, the scammers were going through the personal files on the PC and uploading those that looked interesting, such as “banking 2013.doc.”

“This was a clever plan which not only is about stealing money for bogus services but also about identity theft by gathering personal details from the victim (photo, name, email, address, password, etc.),” Segura said.

As always, users should be diligent about clicking on links within unsolicited tech support emails, and should always be wary about sharing information, downloading unknown software and giving access to third parties.

This article is featured in:
Data Loss  •  Identity and Access Management  •  Internet and Network Security  •  Malware and Hardware Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×