A security expert identified a new scam that uses an elaborate form of phishing to target Netflix subscribers.
A new scam is making its way around the Internet, and it targets Netflix users. If you fall for it, you could get stuck paying for $400 worth of useless tech support, or even worse: Hackers could gain access to your computer and steal files.
Here’s how it works: A legitimate-looking email purporting to be from Netflix arrives in your inbox. It suggests you go to a support page because of a problem with your account, and you see a screen like the one below telling you your account is suspended.
If you dial the on-screen phone number, you’re connected to someone posing as a Netflix support technician, who then requests permission to send you so-called diagnostic software that allows him to take control of your computer.
When that software is running, the fake tech tells you he sees multiple problems created by hackers on your system. He’ll even show you a legitimate-looking page detailing those errors. But every bit of this support session is faked.
Once the tech shows you the bogus report, he suggests you go to Microsoft tech support to have your system cleaned up. It will cost you hundreds of dollars, but don’t worry; you’ll get a $50 Netflix discount. Meanwhile, the remote control software allows the fake support tech to examine every file on your computer and steal anything he wants.
The scam came to light through the efforts of a security expert named Jerome Segura, who has been tracking tech support scams for a year. He mentioned the Netflix scam in a blog post that includes a video he made while chatting with the scammers.
Because Segura is a pro, he had software on his computer that showed him exactly which of his carefully planted files were being downloaded. At that point in his interaction with the scammers, he was asked to provide a credit card and identification. When he didn’t provide the information, they hung up on him.
The scam combines two well-known online attacks. The first is called “phishing,” in which you receive an email that purports to be from a familiar institution, such as your bank. Following a link in the message takes you to a dangerous site that might place malware on your computer, send you buckets of spam, or, in the case of the Netflix scam, place you in the hands of hackers.
The other piece of the scam is one that I’ve seen myself. You get a phone call from someone purporting to be from Microsoft saying that he has detected unusual activity on your computer, and it needs to be fixed or you’ll be barred from the Internet.
When I’ve stayed on the phone to see where it leads, the result was very similar to what Segura reported. The guy wanted to take control of my PC, and clean it — for a hefty fee. At that point, of course, I hang up.
The lessons: Never let a stranger put software of any sort on your computer; be very skeptical of unsolicited tech support; and if you get email from your bank or other institution, look closely at it to be sure it’s legitimate, and if you click through to a site, check the URL to make sure it’s the one you expect.