Skip to content

Malwarebytes – Watch out for this Netflix “tech support” scam – Ars Technica


Watch this scam – isn’t it the greatest? Wow, social engineering, combined with phishing, combined with just about everything.


Jerome Segura has been tracking tech support scams for a year, documenting the ploys he’s encountered. But even this one found him unprepared.

“Combining a phishing scam with a fake tech support call center is something that I’d never seen before,” the Malwarebytes senior security researcher told A video of the find shows Segura trying to enter a fake Netflix login on the streaming service’s homepage, only to be presented with a notice telling him the account has been suspended, and telling him to call a fake tech support number.

He dutifully called up and was asked to download “Netflix Support Software”—really the remote control software TeamViewer, which allowed the scammer access to his system. Once he had hopped on, the hacker told Segura he’d been hacked. In fact, the scammer said he’d been hacked nine times, with one coming from Serbia, four from Russia, three from China, and one from Italy. It’s all part of a tactic to instill fear and get the user to comply, explains Segura. Like when the helpful voice on the other end of the phone showed him a scan of apparent hacker activity—which was really just custom-made Windows batch script.

“By running their own tool, which looks authentic, the crooks can detect ‘problems’ that do not exist,” says Segura. “Finally, showing those scan results adds to the fear factor, as well as creating a sense of urgency to fix the issue.”

As well as scraping plenty of personal information from Segura’s system, including a file named “banking 2013,” the scammers continued by attempting to secure a payment of $389.97 (with a generous $50 Netflix discount) for Microsoft support to fix the problem. (He was repeatedly told that the problem happened because his security software is not up to scratch).

Then comes a little “fixing” after the call is passed on to a technician. This time, it’s designed to induce the victim’s comfort—”I can also see that these hackers were trying to access some of your personal information like documents and pictures. Do you have any pictures?” asked the helpful hacker, before proceeding to recover them for him.

Perhaps the most bizarre and unusual part, the “Microsoft technician” asked Segura to hold up a photo ID with his credit card information, because they are doing the transaction over the Internet and Microsoft wants to make sure he’s the cardholder.

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: