A group of scammers seem to have taken to heart the lesson bequeathed to us by Three Dog Night in the summer of ’69: that yes, one is the loneliest number. This newly unleashed attack uses not one but multiple tactics to dupe unsuspecting victims by pairing a phishing attack—where hackers pose as trusted entities in order to gather personal and financial information—with fraudulent tech support for everyone’s favorite streaming video site, Netflix.
The scam initially came to light thanks to the work of Jérôme Segura. Segura, who tracks tech support scams for a living, documented his interaction with the new phishing scam in late February.
Here’s how the scam works: after receiving an email that contains a link to a fake Netflix site, unsuspecting users who click on the link are directed to a fraudulent Netflix site where they’re asked to enter their credentials (including username and password). The log in fails, and users are told that “Netflix” has found suspicious activity on their account and that they should call a 1-800 number at the bottom of the page for tech support.
Of course, the number isn’t actually tech support, but rather the scammers behind this operation. The person who answers the phone (in Segura’s case, a man) then tells the victim that they’ve been hacked and that the victim’s account has to be suspended for security purposes. The “tech support” then sends a link to a software support website and asks the victim to download a series of programs to “fix” the computer. The programs do not fix the computer. Do not download them.
The first program is a remote desktop sharing application that gives the scammer remote access to your computer. The scammer then confirms that, yes, the hackers have gained access to your computer and that they will have to transfer you to tech support to fix the problem.
Maybe they just hand the phone to another person, but, assuredly, they do not transfer you to an actual tech support line. Instead, the next scammer is supposedly running a “scanning” program to identify how many hackers have compromised your computer. In reality, however, they’re running a batch script—a small computer program that can either be very harmful or very harmless—that ends with scary numbers detailing how vulnerable you are to hackers in other countries.
The scammers then “fix” the problem and leave you with a $389 bill for support. To pay, they ask you to hold their credit card next to their face so they can “verify” the card’s owner over webcam. Truthfully, this is done so they can steal your identity.
We’ve seen phishing scams before. And this scam has all the telltale signs: a badly implemented clone of a well known website, a suspicious URL and a request for sensitive information. Typically these types of scams are executed through email, and not through a brazen scheme with scammers posing as live tech support.
Fortunately, there are a few ways you can protect yourself from scams like these. Here’s how:
- Double check your URL address. The moment you log onto a site, check the URL address at the top of your browser. That’s because the majority of phishing scams depend on tricking users with URL addresses that are almost identical to the real one, but not quite. In this case, the URL of the lookalike site was “netflix.afta3.com.” Additionally, looking for “https” at the beginning of the URL will ensure that the site you’re on is secure.
- Ask for verification before granting someone access to your computer. Before allowing a tech support member remote access to your computer, ask them to verify some of your information on file. If they’re truly legitimate, they should have access to information like when you became a subscriber, your billing address, and more. It’s easy for fraudsters to copy your data and install malicious programs while posing as a trusted individual, so think twice before allowing someone access to your device.
- Be suspicious of those who ask for your photo and credit card information. While many technical support services and mail order companies may request your payment details over the phone, be suspicious of anyone who may ask for more than that. In this case, the scammers requested that people show a photo of themselves along with their card. Legitimate services will not request that you show a photo of yourself alongside your credit card.
- Protect your devices with comprehensive security software. Even with the best of precautions, you can still be at risk for a targeted cyber attack. Hackers and cybercriminals get better every day. Stay ahead of the pack of hackers with McAfee LiveSafe™ service, which protects your online identity, blocks hackers from accessing your computer and guards you from malicious software. It also comes with McAfee® SiteAdvisor® which protects you from visiting risky websites, like the Netflix imposter described here.
Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.