Emsisoft Alert: Netflix Tech Support Scam


Netflix users, beware: a new tech support scam uses the popular media streaming service to steal your identity for the low, low cost of $389.97. The scam was discovered on February 28th by security researcher Jerome Segura. Segura entered the scam through a Netflix phishing site, Netflix.afta3.com. Knowing full well what he was getting himself into, Segura played along and let the scam run its course. What he found was a novel and surprisingly comprehensive way of stealing your identity.

Your Account Has Been Hacked, Let Us Fix It…By Hacking It

Step 1: Phishing

Netflix.afta3.com is a phishing site. A phishing site is a website created to steal visitors’ information. Netflix.afta3.com does so by modeling itself after the legitimate Netflix member sign-in page. You give the phishing site your username and password, and the phishing site sends them to its nefarious master.
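
The host name in Step 1 carries the brand as a subdomain label of a domain that someone else registered (afta3.com). As an added example, not from the original post or from Emsisoft's product, this Python check flags that pattern; the brand table, the short suffix list and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: brand keyword -> registrable domains the brand really uses.
BRANDS = {"netflix": {"netflix.com"}}

# Assumption: tiny stand-in for the Public Suffix List; a real deployment
# should load the full list so every multi-label suffix is handled.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.in"}


def registrable_domain(host: str) -> str:
    """Return the part of the host a registrant controls, e.g. afta3.com."""
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def classify(url: str) -> str:
    """Return 'legitimate', 'lookalike' or 'unrelated' for a URL or host."""
    # Accept bare host names as well as full URLs.
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    domain = registrable_domain(host)
    if any(domain in official for official in BRANDS.values()):
        return "legitimate"
    # Brand keyword appears in the host, but the domain owner is someone else.
    if any(brand in host for brand in BRANDS):
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample inputs; only the first host comes from the article.
    samples = [
        "Netflix.afta3.com",
        "https://www.netflix.com/login",
        "http://netflix.com.example.co.uk/signin",
        "https://example.org/netflix",
    ]
    for s in samples:
        print(f"{classify(s):10}  {s}")
```

The decision rests on the registrable domain rather than on where the word "netflix" appears, which is why a brand name in the path alone is not flagged.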

Step 2: Social Engineering

Netflix.afta3.com tells you it has suspended your Netflix account.  Another well-crafted Netflix mock-up page pops up saying “We have detected unusual activity on your account.”  To unlock your account, you’re told you’ll have to call a 1-800 number.  An error code is also supplied for your reference.  This is social engineering: scare the user into thinking something is wrong and then supply them with a solution.

Step 3: Rogue Support

We usually use the term rogue to refer to a Trojan malware that pretends to be an antivirus software.  Such software will “scan” your computer, “find” a bunch of infections, and then demand payment to “remove” them.  In Step 3 of the Netflix tech support scam, you are connected to a real-live “tech support representative.”  Like a Trojan rogue, he will very seriously tell you that your account has been hacked and that the only way to fix it is with his team’s help – which, of course, doesn’t come cheap.

Step 4: Netflix Support Software

After chatting with your rogue support rep, he’ll tell you that you need to download the Netflix Support Software.  What he really means is TeamViewer, a software that will allow his team to remotely access and control your computer.

Step 5: Smoke and Mirrors

During Step 5, the tech support scammer basically just talks to you on the phone while his associates use TeamViewer to rifle through your computer’s files and steal the good stuff.  You’ll be told that someone hacked your computer and used it for illegal activities, and you’ll be shown an official looking Windows Batch Script that displays foreign infiltrations from countries like Serbia and China.  Meanwhile, any files connected to your identity or finances will be stolen.

Step 6: Payment

After a bit of yammering, your tech support representative will tell you that the only way to fix your computer is to purchase help from a Microsoft Certified Technician.  The cost?  “Usually $439.97, but since we’re such great guys we’ll give you a $50 discount, bringing your grand total to $389.97!”  (Note: People who throw the word Certified around are usually less than decent human beings.) 

Step 7: To Ensure You’re Not Scamming Us

Finally, those who wish to purchase help will need more than just a credit card number.  To ensure that you’re not scamming them (!) the Netflix tech support representative will request photographs of your credit card and your photo ID.  If you can’t supply this documentation, the tech support team will gladly activate your webcam (using TeamViewer) and take the snapshots for you.

How to Avoid This Scam

Segura’s research has linked this novel combination of scamming techniques to a newly registered website, camlesh.biz, with an Indian IP address.  Accordingly, the rogue tech support rep was not a native English speaker.

If you’re reading this blog post, chances are pretty high that you’re immune to this type of attack.  While it may combine traditional scamming methods in a novel way, the truth is that it simply contains way too many red flags to fool the average Internet literate user.

The scam does, however, pose a great risk to users who don’t know much about computers. In particular, many children/grandchildren who may have introduced their parents/grandparents to the wonders of Netflix would do well to warn their elders of this threat. In general, phishing and social engineering scams like this one are most effective against the least informed.

If you know someone who could be targeted by this new attack, we’d ask that you spread the word.  Share this article, or better yet help them learn about Identity Theft in general.  Our knowledge base articles Hacking Identity Theft I and II were written expressly for this purpose.  Send them a link, or better yet print it out and hand it to them.   

Another simple solution would be to install Emsisoft Anti-Malware on their computer.  Our software features Surf Protection technology, which automatically prevents users from visiting phishing sites like Netflix.afta3.com.  We update our blacklist once every hour, to protect our users from the latest threats – meaning you don’t have to call up Uncle Bob every time a new phishing scam emerges.  And, hey, if you put it on your computer, you won’t have to worry about being scammed either.

Here’s to a Great (Malware-Free) Week Ahead!