A sophisticated security scam offering technical help to Netflix and Gmail users has been uncovered by security officials. The security experts said the scam goes as far as to ask users to phone bogus support staff who then request for specific documents to be photographed.
Online security has been in the news a lot recently as hackers become more sophisticated and try new ways to navigate it. As such, methods are being introduced all the time as scammers try to outwit unsuspecting users of different sites.
The end game for the scammers is to steal users’ private data while the latter believe they are receiving important help. One of the users who was caught in the scam when they thought they were calling online entertainment streaming site, Netflix, said hackers offered to take control of their webcam as part of a plan to charge the customer $400 for tech support. The scam starts out as a traditional “phishing” attack where users and subscribers are asked to enter their log-in details. Once the information has been obtained by the scammers, they ask the user to call the support line for help. The user is then told they must download software, which allows hackers remote control of the computer. While the user is being asked for information, they are told a bill of $400 has been incurred for the call.
Jérôme Segura from security business Malwarebytes uncovered the scam when his Netflix account was suspended after he was directed to a fake website designed to steal his and other users’ log-in details. Once the user does what is required on the fake Netflix page, an error message appears. The message explains that unusual activity has been detected on their account and that they need to call the following number, masquerading as “member services”: 1-800-947-6570.
Segura was aware of what was going on an called the number and did what the scammers instructed him to. The scammer, who said he was a Netflix customer care representative, told Segura to download and install NetFlix Support Software. However, it was merely PC log-in client TeamViewer. It then became clear how sophisticated the Netflix security scam was and it was something a member of online security uncovered himself.
Once the scammer had remote access to Segura’s computer, the user was told his account was suspended due to illegal activity. Segura was told that hackers were to blame and that they, the scammers, would fix the problem and give him a $50 credit to his Netflix account by way of apology. Throughout the conversation Segura noticed the scammer went through his computer and downloaded files that were of interest, such as one called banking2013.doc.
Scammers gaining access to bank accounts around the world is becoming frequent. In the United Kingdom, a common scam sees hackers email people from a fake Her Majesty’s Revenue and Customs account – the department of the Government responsible for the collection of taxes – asking them to submit account details in return for a £400 rebate. The details are then used to do everything from buy cell phones to apply for loans and mortgages.
While this latest Netflix and Gmail and security scam has been uncovered, security staff as well as the online entertainment itself have urged users never to enter a username or password into any site other than Netflix.com.
By Robert Shepherd