For the first time ever, a security researcher has discovered an all-new breed of hack that combines subtle hints of social engineering, phishing, and good old-fashioned computer cracking to gain access to unsuspecting Netflix users’ accounts and information.
The discovery started when Jerome Segura of Malwarebytes attempted to log in to his Netflix account, only to be greeted with a message claiming his account had been “suspended” and that he needed to call the number included in the warning message if he wanted to resolve the issue and resume binge-watching the second season of House of Cards.
The number led to a fake call center staffed by members of the team attempting the hacks, who tell anyone caught in their trap to install the “Netflix Support Software”, which in reality is just the popular screen-sharing application TeamViewer.
After this, Segura was informed by his “support representative” that his computer had been hacked nine times, with the intrusions hailing from countries like Italy, China, Russia, and Serbia. This tactic is used to scare users into complying, and later to extract money from them for the “service” of repairing their computers.
“By running their own tool, which looks authentic, the crooks can detect ‘problems’ that do not exist,” says Segura. “Finally, showing those scan results adds to the fear factor, as well as creating a sense of urgency to fix the issue.”
After “fixing” the problem, they then ask users to take a picture of their credit card next to valid identification so they can charge their accounts exorbitant amounts of cash. In Jerome’s case this came to around $389.97 by the time all was said and done; however, the hackers were kind enough to tack on a “$50 Netflix discount” to show their appreciation for his compliance.
You can find out more about the new scam on Segura’s blog for Malwarebytes.