Netflix Customers Targeted in "Completely New" Phishing Scam

View Comments (
)
|
Email
|
Print

    NEWSLETTERS

    TK

    A recent phishing scam targeting Netflix customers was so bold it even took a security expert by surprise.

    It started with a fake Netflix site, which Jérôme Segura, senior security researcher for Malwarebytes Corporation, found by chance. The URL included the word Netflix, followed by a string of seemingly random characters that tipped him off to the fraud.

    He knowingly participated in the scam and recorded what happened in a video embedded below.

    Segura immediately noticed that the customer care number listed on the imposter site was the same one he’d seen weeks earlier in another scam.

    What was different: "They were urging me to call a 1-800 number for ‘support.'"

    It is unusual for scammers to ask their victims to contact them directly.

    This is “something that is completely new to me,” he said. “Normally after a phishing scam you get redirected to new scam.”

    Segura made the call and was told his Netflix account was suspended because it had been hacked.

    “I knew this was not right because I entered a fake account,” he said.

    The scammers told him they needed access to his computer to help him install security software. He complied, using a PC set up with fake information.

    The scammers then installed spyware enabling them to access and transfer his (fake) personal information and documents.

    "They had me download what was called ‘Netflix support’ but there is no such thing as Netflix support software," he said.

    They also requested a photo of Segura’s ID and credit card,

    When Segura balked at the request, the “agent” on the line remotely turned on Segura’s computer camera to make it easy for him to comply.

    At the end of the session the “agent” attempted to charge Segura upwards of $400 – minus a $50 "discount."

    The unusually aggressive nature of the operation could be an indicator of the next wave of phishing scams, he said.

    The site was up for two days before it was shut down, he said.

    Netflix told NBC4 News in an email it would not comment on the suspected scam.

    Scams are not specific to any particular provider or brand, Segura said. Consumers need to be vigilant and on their guard whenever they are online.

    People who believe they are the victims of online phishing scams can contact the Federal Trade Commission.

    Netflix Tech Support Scam from Malwarebytes on Vimeo.