2014-03-04

Security experts have come across a Netflix phishing scam that not only tricks users into handing over their credentials, but also instructs victims to call tech support scammers.

Tech support scams have been around for a long time now, and they’re not going away any time soon. In fact, the scammers keep improving their schemes.

Malwarebytes researchers have come across what they initially believed to be a typical Netflix phishing scam. Potential victims are lured to a fake Netflix page where they’re instructed to sign in to their accounts.

The information entered on the rogue website ends up in the hands of cybercriminals. However, that’s not all. After victims log in, they’re presented with an error page which reads something like this:

“Important notice. We have detected unusual activity on this account. To Protect your account from unauthorized use, we have temporarily suspended this username. To regain access to your account please contact Member Services at 1-800-947-6570.”



Netflix phishing leads to tech support scam

Those who call the 1-800 number aren’t actually contacting Netflix support. Malwarebytes’ Jérôme Segura called the number and the individual who picked up asked him to download and install so-called “NetFlix Support Software.”

The “NetFlix Support Software” is actually TeamViewer and Ammyy, two popular applications designed for remote access. Both programs are often used by tech support scammers, particularly Ammyy.

Once the victim installs one of these apps, he/she is shown a report from a piece of software called Foreign IP Tracer. The tool, which is actually a fraudulent Windows batch script, appears to show that hackers have infiltrated the computer.

Then, the scammer tells victims that a Microsoft Certified Technician can fix the device for a certain fee. To make the offer even more attractive, the scammers even offer a $50 Netflix coupon. However, the coupon is fake, just like their services.

Segura noted that during their conversations the scammers went through his personal files in the hope of finding something of interest. One of the files they stole was named “banking 2013.doc.”

The scammers, apparently located in India, also tried to convince the expert to turn on his webcam and show them an ID and his credit card because the Internet is allegedly not secure and they needed proof of his identity.

Check out the video from the top of the article to see the scammers in action. It goes without saying that users should avoid contracting support services from companies they don’t know and trust.

 
