Netflix, particularly the US version, which allows access to the biggest and best Netflix library, is incredibly popular because it allows unlimited streaming of a huge range of movies and top-rated TV shows. In fact, Netflix’s low price and convenient content delivery model are often credited with an overall decline in piracy.
Unsurprisingly, watching Netflix is a popular pastime among VPN users, who can take advantage of the fact that by connecting to VPN servers in other countries (such as the US), they can geo-spoof their location, allowing them to access geo-restricted content (such as Netflix). Many VPN providers also offer DNS spoofing services which allow the same thing with less of a performance hit (but without the other benefits of using VPN). Our Big VPN Survey showed that almost half of our readers use VPN to access geo-restricted content!
Readers should therefore be aware of a new and original Netflix scam. In the words of its discoverer, Jerome Segura, senior security researcher at respected anti-virus outfit Malwarebytes, ‘combining a phishing scam with a fake tech support call centre is something that I’d never seen before.’
A video (now removed from YouTube) shows Segura being redirected from a fake Netflix login to a notice telling him that his account has been suspended and that he should call a fake tech support number. When a victim calls the number, they are instructed to download ‘Netflix Support Software’, which turns out to be TeamViewer.
TeamViewer is rather excellent (and free for personal use) software that lets a user completely take over another’s computer. It is designed to let experts provide remote assistance (excellent for tech-savvy users wanting to help distant family members sort out their computer woes), so allowing a malicious attacker to access a system with it is a complete disaster.
Once they have total access to a system, the scammers inform their victims that they have been hacked. (They told Segura that he had been hacked nine times: once from Serbia, four times from Russia, three times from China and once from Italy. As ‘evidence’, Segura was shown a scan of alleged hacker activity in the form of a harmless Windows batch file.) The aim of all this, of course, is to heighten fear and soften the victim up for further fleecing:
‘By running their own tool, which looks authentic, the crooks can detect ‘problems’ that do not exist. Finally, showing those scan results adds to the fear factor, as well as creating a sense of urgency to fix the issue.’
The scammers try to download any interesting-looking files from the victim’s computer (in Segura’s case they copied a file labelled ‘Banking 2013’), before attempting to extort money for a fix (Segura was asked to pay $389.97, with a $50 Netflix discount (!)).
‘I can also see that these hackers were trying to access some of your personal information like documents and pictures. Do you have any pictures?’ the ‘technician’ says helpfully before ‘recovering’ them for you. Segura was particularly struck by the ‘technician’s’ request to hold up a photo ID with his credit card information in order to secure the transaction:
‘The Netflix theme was well thought out — from the suspended account ploy to the discount coupon if you agree to fix the issue, the bad guys have planned their approach in detail. Requesting a photo ID, as well as a snapshot of my credit card, was completely novel too. Despite being the untrustworthy ones, it is ironic they are trying to make sure the mark is not playing them. Aside from the fact that it is creepy, it creates a huge identity theft risk.’
It is thought the scam, which was discovered to be based in India, will ‘most likely’ affect users in the US (where it was discovered), UK, Canada, Australia, and New Zealand. While VPN users are probably tech-savvy enough not to fall for such a scam, we suggest they keep an eye on potentially more vulnerable friends and family members, as there are bad people out there all too willing to take advantage:
‘Anyone could fall for these scams, although certain people are more vulnerable. The older generations that did not grow up with computers are more susceptible to being social-engineered. The argument about hackers infiltrating your computer is more likely to be won with someone unfamiliar with such technology. Availability is another important factor here. People that work from home or spend the majority of their time at home are often targeted simply because most calls will happen during business hours, when other people will be out working.’