Netflix Users: Don’t Fall Hook, Line, & Sinker for Latest Phishing Scheme
The latest scheme to target unsuspecting consumers aims right at the core of what matters to the average person on an average night: our entertainment! In a scheme unveiled by Jerome Segura in a blog post on the site Malwarebytes.org, scammers are going after the personal information and financial resources of Netflix users.
Here’s how it works:
You are on what looks like the real Netflix home page. You enter your information, but instead of taking you to Netflix, you are redirected to a page telling you your account has been suspended for “unusual activity”. You are given an 800 number for “Netflix Member Services” and a very authentic-looking error code.
If you call this number, a live human being answers, sounding much like a typical tech support person. They will be happy to help you (even if you give them bogus account information!) if you’ll just give them that error code. This then allows them to remotely access your computer.
At this point, they’ll tell you that criminals have hacked your computer (and they’ll show you impressive “scan results” to prove it) and that they can have a certified technician fix the problem. In the meantime, they are scanning and uploading your personal files.
They will then draft an invoice for “fixing your issues” for about $400 (after they generously take off the $50.00 coupon they had promised you earlier!) and ask for your credit card information and a picture ID. If you can’t scan it for them, they will turn on your webcam so you can conveniently show them on screen.
Hopefully you would have recognized the scam long before this point, but some innocent consumers did not. The site was up for two days before it was shut down, but another similar one was probably up before this one was down. (In fact, Segura recognized the phone number from a scam just a few weeks before, which is what led him to investigate it.)
So, what can you do to protect yourself from scams like these?
- If you receive a cold call and are suspicious (which you should be immediately), hang up. Then look up the number independently. Compare various sources to find consistency. For the record, Netflix’s official customer service line is 1-866-579-7172.
- The same is true with an unsolicited email or redirection with an error message. And remember to not click links in emails. It is better to type the address in the search bar manually.
- Don’t just pick the top ad on a search results page, either. Watch the URL; always look at the name before the “.com”. If it is a scam, it will most likely have an unusual URL. It will likely contain a common name but be accompanied by some jumbled letters or numbers. For instance, the official Netflix site is simply Netflix.com. The scam site was as follows:
In addition to the above points:
- Never let anyone take remote control of your computer unless you absolutely trust them. If you do, you are basically giving full access to everything on your computer.
- If you did let them in, revoke access; if unsure, restart your computer. Then, scan for malware and change all your passwords.
- If you did fall victim and were convinced to pay or gave them your personal information, such as your Social Security number, driver’s license, or credit card information, check out the tips in our soon-to-be-released Identity Theft Recovery Map.
- Report the scam to the FTC.
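The "look at the name before the .com" advice above can be automated, for example in a mail filter or help-desk tool. The following is an added example, not code from the original post or from Malwarebytes; the allowlist, the digit-swap map, and every `.example` hostname are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only official domain is the one the article names.
OFFICIAL_DOMAINS = {"netflix.com"}
BRAND = "netflix"
# Small illustrative digit-for-letter map (not exhaustive).
DIGIT_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def split_authority(url: str) -> tuple[str, str]:
    """Return (full authority text, host the browser actually connects to)."""
    if "://" not in url:
        url = "//" + url  # treat bare "host/path" input as a network location
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix and the port, and lowercases the name.
    return parts.netloc.lower(), (parts.hostname or "").rstrip(".")


def classify_url(url: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated'."""
    authority, host = split_authority(url)
    for domain in OFFICIAL_DOMAINS:
        # Exact match or a true subdomain. The leading dot rejects a host
        # that merely ends with the letters of the official domain.
        if host == domain or host.endswith("." + domain):
            return "official"
    # The brand anywhere else in the authority (a subdomain label, text
    # before "@", or a digit-swapped spelling) marks the URL as a lookalike.
    if BRAND in authority.translate(DIGIT_SWAPS):
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    samples = [  # constructed sample URLs
        "https://www.netflix.com/login",
        "http://netflix.com.account-check.example/",
        "https://netflix.com@billing-help.example/",
        "https://netf1ix-support247.example/suspended",
        "https://example.org/",
    ]
    for sample in samples:
        print(f"{classify_url(sample):10} {sample}")
```

The check compares the end of the hostname, because that is the part that decides which site you reach; the brand name appearing earlier in the address proves nothing.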
John Sileo is an author and highly engaging speaker on internet privacy, identity theft and technology security. He is CEO of The Sileo Group, which helps organizations to protect the privacy that drives their profitability. His recent engagements include presentations at The Pentagon, Visa, Homeland Security and Northrop Grumman as well as media appearances on 60 Minutes, Anderson Cooper and Fox Business. Contact him directly on 800.258.8076.