A new Netflix scam attempts to trick users into handing over access to their computer and trick them out of hundreds of dollars and important personal information such as banking passwords and usernames.
This scam is similar to the common Microsoft or Dell Technician calls that ring a user up at home and claim that the company found a virus, but this one starts with an email claiming there is illegal activity on your Netflix account.
Users may see an email claiming unusual or unauthorized activity on the Netflix account, directing users to call a 1-800 number that is not associated with Netflix. It’s generally a good idea to ignore these types of emails, but Jérôme Segura, a security researcher at Malwarebytes, called up the scammers to find out what is going on.
In the seven-minute video below users can see what the Netflix scam consists of. After telling Segura that his computer is infected, the scammer will then show a fake screen designed to make it look like someone from another country is accessing the computer.
The next step is to get the user to allow a “technician” to connect to the computer to diagnose the issues. This is a two-prong step with two goals: to take your money from a credit card you willingly offer, and to search your computer for any files that appear to contain important personal information.
In this case Segura caught the scammers uploading a document called banking 2013.doc and searching through picture, document and video folders for personal information. This example left tempting files around, but it also illustrates another issue that could come from allowing a stranger to connect to your computer. If you keep photos of sensitive documents or photos of yourself that you would not want others to see, they are out in the open for a scammer to see if you grant them access to your computer.
After connecting to the computer to “help” the user, the scammer created a quick invoice for services that kindly includes a $50 Netflix coupon that won’t work. This bill to fix a Netflix account issue is nearly $400, which the “technician” will want in hand soon after he starts fixing the imaginary problem.
At this point in the scam, a user may have handed over access to personal files, authorized a charge for nearly $400 and handed his credit card information over to an individual who is clearly not acting with a legitimate purpose. That’s a great day for a scammer, but the start of a long road to cleaning up the mess for users who fall for this scam.
If you receive an email or even an error message on a web page, do not immediately trust the source. If Netflix detects a problem with your account they will not ask to connect to your computer to fix it for hundreds of dollars. Scammers rely on tricking users into thinking big companies have the time, resources and abilities to monitor computers for viruses and other problems. This is not the case. A company like Netflix may be able to detect abnormal usage through some means, but they will not start offering help in this manner or charging users to connect to a technician.
When you get an email from a company like this, do not click on links. It is best to go directly to the website that you know is legitimate and send a message or call a number listed there.