Monday, March 3, 2014

[net-security] Netflix users targeted in active tech support scam

Malwarebytes' security researcher Jerome Segura has recently analyzed a rather creative tech support scam that is actively targeting Netflix users.

He doesn't say how the potential targets are lured to the spoofed Netflix login page that is the first step to being scammed, but it's very likely that they receive a fake Netflix email warning them that their account has been compromised.


Once they submit their login credentials in the bogus login page, they are faced with a warning saying their account has been suspended and urging them to call a specific toll-free phone number:

"Once I called the number, the rogue support representative had me download a 'NetFlix Support Software'," Segura shared his adventures with the scammers. 

The software in question is TeamViewer, a popular remote login program that the scammers then use to connect to the target's PC. 

The scammer tried to convince him that his Netflix account had been suspended because of illegal activity, that his computer has been hacked, and that he should let a Microsoft Certified Technician fix his computer - and pay nearly $400 for the service.

"During our conversation, the scammers were not idle," he noted. "They were going through my personal files and uploading those that looked interesting to them, such as 'banking 2013.doc‘."

"Another peculiar thing is when they asked me for a picture ID and a photo of my credit card since the Internet is not secure and they needed proof of my identity. I could not produce one, therefore they activated my webcam so that I could show said cards to them onto their screen."

His analysis says that the scam is new and still ongoing - the domain they used was registered and updated recently - so he warns users to be careful. In this particular scam, they could lose everything: money, confidential files, and personal and account information.

If you want to see and hear how the whole scamming process unfolds, Segura has recorded a helpful video:



http://www.net-security.org/secworld.php?id=16469

No comments:

Post a Comment