Netflix Users: Don’t Fall Hook, Line, & Sinker for Latest Phishing Scheme

The latest scheme to target unsuspecting consumers aims right at the core of what matters to the average person on an average night: our entertainment!  In a scheme unveiled by Jerome Segura in a blog post on the site Malwarebytes.org, scammers are going after the personal information and financial resources of Netflix users.

Here’s how it works:

You are on what looks like the real Netflix home page.  You enter your information, but instead of taking you to Netflix, you are redirected to a page telling you your account has been suspended for “unusual activity”.  You are given an 800 number for “Netflix Member Services” and a very authentic looking error code.

If you call this number, a real live human being answers sounding much like a real typical tech support person.  They will be happy to help you (even if you give them bogus account information!) if you’ll just give them that error code.  This then allows them to remotely access your computer.

At this point, they’ll tell you that criminals have hacked your computer (and they’ll show you impressive “scan results” to prove it) and that they can have a certified technician fix the problem.  In the meantime, they are scanning and uploading your personal files.

They will then draft an invoice for “fixing your issues” for about $400 (after they generously take off the $50.00 coupon they had promised you earlier!) and ask for your credit card information and a picture ID.  If you can’t scan it for them, they will turn on your webcam so you can conveniently show them on screen.

Hopefully you would have recognized the scam long before this point, but some innocent consumers did not.  The site was up for two days before it was shut down, but another similar one was probably up before this one was down.  (In fact, Segura recognized the phone number from a scam just a few weeks before, which is what led him to investigate it.)

So, what can you do to protect yourself from scams like these?

  1. If you receive a cold call and are suspicious (which you should be immediately), hang up. Then look up the number independently.  Compare various sources to find consistency.  For the record, Netflix’s official customer service line is 1-866-579-7172.
  2. The same is true with an unsolicited email or redirection with an error message.  And remember to not click links in emails. It is better to type the address in the search bar manually.
  3. Don’t just pick the top ad on a search results page, either.  Watch the URL; always look at the name before the “.com”.  If it is a scam, it will most likely have an unusual URL. It will likely contain a common name but be accompanied by some jumbled letters or numbers.  For instance, the official Netflix site is simply Netflix.com.  The scam site was as follows:

[Image: Netflix-Scam]
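The "look at the name before the .com" check from point 3, written out as an added example (not part of the original post). It assumes an allowlist holding only the official domain named above; the sample URLs in the comments and usage are constructed, and none is the scam address from the post.

```python
from urllib.parse import urlsplit

# Assumption: the allowlist holds only the official domain named in the post.
OFFICIAL_DOMAINS = {"netflix.com"}
BRAND = "netflix"
# Digits commonly swapped in for letters in lookalike names (0->o, 1->i, 3->e, 5->s).
DIGIT_SWAPS = str.maketrans("0135", "oies")


def _parts(url):
    """Parse a URL, accepting bare input such as 'netflix.com/login'."""
    if "://" not in url:
        url = "https://" + url
    return urlsplit(url)


def real_host(url):
    """Return the host the browser will actually contact, lower-cased.

    Anything before an '@' in the address is user info, not the host,
    so 'netflix.com@198.51.100.7' really goes to 198.51.100.7.
    """
    host = _parts(url).hostname or ""
    return host.rstrip(".")


def classify(url):
    """Return 'official', 'lookalike' or 'unrelated' for a URL."""
    host = real_host(url)
    for domain in OFFICIAL_DOMAINS:
        # Exact match, or a true subdomain ending in '.netflix.com'.
        if host == domain or host.endswith("." + domain):
            return "official"
    # Brand name shows up somewhere in the address (after undoing digit
    # swaps and dropping hyphens) but the host is not the official one.
    authority = _parts(url).netloc.lower()
    squashed = authority.translate(DIGIT_SWAPS).replace("-", "")
    if BRAND in squashed:
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample URLs for illustration only.
    for u in ("https://www.netflix.com/login",
              "https://netflix.com.member-help.example/login",
              "https://netfl1x-support.example/"):
        print(f"{classify(u):10} {real_host(u)}")
```

A result of "lookalike" means the brand name is in the address but the site is not under the official domain, which is the pattern point 3 describes.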

In addition to the above points:

  1. Never let anyone take remote control of your computer unless you absolutely trust them. If you do, you are basically giving full access to everything on your computer.
  2. If you did let them in, revoke access; if unsure, restart your computer.  Then, scan for malware and change all your passwords.
  3. If you did fall victim and were convinced to pay or gave them your personal information, such as your Social Security number, Driver’s License, or credit card information, check out the tips in our soon-to-be-released Identity Theft Recovery Map.
  4. Report the scam to the FTC.

John Sileo is an author and highly engaging speaker on internet privacy, identity theft and technology security. He is CEO of The Sileo Group, which helps organizations to protect the privacy that drives their profitability. His recent engagements include presentations at The Pentagon, Visa, Homeland Security and Northrop Grumman as well as media appearances on 60 Minutes, Anderson Cooper and Fox Business. Contact him directly on 800.258.8076.

SCAM ALERT: Target Texting Scam

SCAM ALERT! There is a Target texting scam going around. The text looks similar to the one in the picture to the left, and generally says you’ve won a $1,000 gift card if you simply click on the link and collect the money. When you click on the link, it takes you to a Target-looking site that a criminal has set up to collect your private information. The information is then used to steal your identity. In other cases, clicking on the link installs a small piece of malware that takes control of your phone and forwards your private information to the criminals.

Where do the criminals get my mobile phone number to text me in the first place?

  1. They purchase it off of black-market sites on the internet
  2. You give your mobile number away to enter contests, vote on reality shows, etc.
  3. You post it on your Facebook profile for everyone to see
  4. Data hijackers hack into databases containing millions of mobile numbers
  5. Most likely, the thieves simply use a computer to automatically generate a text to every potential mobile phone number possible (a computer can make about a million guesses a second).

What can I do to protect myself and my phone?

  • If you receive a text from any number you don’t know, don’t open it, forward it or respond to it
  • Instead, immediately delete the text (or email)
  • If you accidentally click on the link, never fill out a form giving more of your information
  • Place yourself on the national DO NOT CALL list.
  • Stop sharing your mobile phone number except in crucial situations and with trusted contacts
  • Remember when you text to vote or to receive more information, enter sweepstakes or take surveys via text, they are harvesting your phone number.
  • Resist the urge to post your mobile number on your Facebook wall or profile

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust. He is CEO of The Sileo Group, which helps organizations protect their mission-critical privacy. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation or watch him on Anderson Cooper, 60 Minutes or Fox Business.

Facebook 'Dislike Button' is a Scam!

According to Cnet.com, security firm Sophos has highlighted yet another scam that’s zipping around Facebook in the form of a third-party application, this one spreading in the form of links claiming to be from friends that encourage members to install a Facebook “dislike button.”

Sophos wrote about the scam in a post on Monday, pointing out that a link to it tends to appear in wall posts that appear to be from the user’s friends (“I just got the Dislike button, so now I can dislike all of your dumb posts lol!!”) but which are actually automated messages from friends who have already been duped. The scam’s purpose is to force users to complete a survey contained in the application, a bit of trickery that has already been known to be perpetuated through scam links like “Justin Bieber trying to flirt” and “Anaconda coughs up a hippo,” the two of which presumably would be enticing to rather different demographics of Facebook users.

As Facebook’s surging membership numbers have blazed past 500 million around the world, its channels of fast social connection and messaging have become a prime target for scammers and viruses. This one’s particularly nasty because a “dislike button,” offering some kind of counterpoint to Facebook’s own “like” button, is something that many members have been clamoring for.

John Sileo is an information security expert who speaks professionally to organizations that want to protect their profits against identity theft, social media exposure and corporate espionage. His recent clients include the Department of Defense, FDIC, FTC and Pfizer.

Harvard Identity Theft Has Lessons for CEOs

The story about the Harvard student who fraudulently gained access into Harvard University is an excellent lesson in repelling fraud. Watching the video to the left, you will be struck by how many opportunities there were to catch him in the act of lying. But it didn’t happen for a long time. The underlying reason he didn’t get caught is the same for prestigious universities like Harvard, Fortune 500 Companies and small businesses alike:

No one verified his claims (until recently). Verification is a learned skill that is under-utilized and under-trained in corporate America.

Apparently the university, the financial aid office and a list of other responsible parties didn’t double check any of the claims he made – his grades, his transfer from MIT, his financial status, nothing. This happens inside of businesses every day. New hires are processed without so much as a background check, reference check or educational check actually taking place. It is on the HR checklist of to-dos, but that doesn’t mean it is getting done. As a matter of fact, this is a similar case to the Bernie Madoff case – had the SEC taken just a few hours to verify his claims, his victims wouldn’t be out $54 billion. At some point, businesses are going to begin taking notice, and will train their executives and employees on detecting the human side of fraud. It’s not that difficult.

John Sileo became one of America’s leading Fraud Training Experts & sought after Identity Theft Speakers after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.

Adam Wheeler, 23, of Milton, Delaware, faces 20 counts of larceny, identity fraud and other charges over his 2007 application to Harvard University. Apparently he went undetected for almost two years until he applied for a prestigious scholarship that required a more in-depth background evaluation.

A professor reviewing his file noticed that Wheeler had plagiarized information from another professor and became suspicious. After a subsequent investigation they found this was not the first time that he had falsified his academic history and achievements.

Mr. Wheeler has been in custody since he was arrested on May 10th, and on Tuesday he pleaded not guilty to all charges. Sources say that when he was confronted with the plagiarism accusation his only response was “ah, I must have made a mistake”.