We often try to highlight particularly interesting, unique or devastating cases of email and phishing fraud on this blog and the most recent big news, taking place about a week ago, surrounds a campaign that targets Netflix users.
More elaborate than most phishing scams, the campaign centers around a dummy Netflix login page that states the user’s account has been temporarily suspended due to “unusual activity.” So far, pretty standard fair for internet thievery. Where it gets a little more interesting is when the user is prompted to call customer service and is connected to a human voice on the other side. The big problem here is that sometimes, even real cyber skeptics can have their fears assuaged by a comforting voice.
Jérôme Segura from Malwarebytes Unpacked, the man who discovered the campaign, ran through the entire scam in a closed environment intended for this purpose. Segura found that once he called, the thieves requested that he download a program called “NetFlix Support Software,” which turned out to be the popular remote viewing software TeamViewer with a different executable name. For those of you who don’t know, TeamViewer basically allows you to use someone else’s computer remotely, as if you were sitting right in front of it. Basically, it’s all a cybercriminal would ever need to get at your computer’s most tempting data.
The scammers then told Segura that his account had been suspended because of illegal activity, that his computer needed to be scanned and fixed, and that he would need to be transferred to Microsoft Security Technician. Now, even those who may have been tricked by the scam until this point must be starting to get an inkling right?
But of course, this campaign has more than a few red flags that crop up and, to be honest, they’re not that hard to check. While Segura didn’t know how the thieves were sharing the initial page (he found it because he was looking for that particular phone number), we can bet that it was probably meant to come to the user’s email through a phishing campaign. So here are a few four basic safety tips to keep in mind to protect you from this exact scheme.
- Check a link’s URL by rolling over it with your mouse (without clicking of course).
- You can double check any phone number by simply heading to the actual site, googling it or using a phone to search.
- There is never a good reason to let a stranger install remote viewing software onto your computer. Never allow this unless you know and trust the person.
- If ever asked for more personal information over the phone than you feel comfortable providing. Tell the person on the other end that you’ll call back. You can always find the correct number and call to verify.
Or, you know, you could just get Sendio.
