Elaborate Netflix scam targeting users through fake Microsoft tech support


A security researcher has uncovered an elaborate scam trying to skim money from gullible Netflix users by first displaying error messages on their computer and then routing them to fake Microsoft tech support in case they call up.

According to Jérôme Segura at Malwarebytes Unpacked, Netflix users are being targeted through fake warning messages asking them to call support staff that pretends to be Microsoft certified professionals.

Segura was investigating a typical phishing scam wherein the URL was asking for users’ Netflix credentials. Beyond the typical credential stealing tactics, the URL also showed up a fake message saying that the account had been suspended while also listing a support centre number and error code.

Segura called up the number and the rouge support executive instructed him to download Network support software, which turned out to be nothing but a remote administration tool. After that the executive went about running a custom Microsoft batch file labeled ‘Foreign IP tracer’ the results of which claimed that the system was infiltrated by 9 different IP addresses.

“According to him, there was only one thing to do: To let a Microsoft Certified Technician fix my computer”, notes Segura. “He drafted a quick invoice and was kind enough to give me a $50 Netflix coupon (fake of course) before transferring me to another technician.”

The security researcher notes that during the call, the rogue support executives went about sifting through files on his system and downloading files with possible confidential information including ‘banking 2013.doc’.

The supposedly Microsoft certified technician went about to draft a quick invoice and quoted Segura $389.97 as charges to fix the computer and bring it back in order.

“Another peculiar thing is when they asked me for a picture ID and a photo of my credit card since the Internet is not secure and they needed proof of my identity,” added the security researcher.
“I could not produce one, therefore they activated my webcam so that I could show said cards to them onto their screen.”

The entire set of events raises quite a few red flags including the URL in the browser, the support centre number that doesn’t match the official Netflix support number, the request for running a remote administration tool, the unauthorised file downloads and the request for turning on a webcam as well as the manner in which the support executive wanted to authorise the security researcher’s credit card.

“You should never let anyone take remote control of your computer unless you absolutely trust them”, concludes Segura.