Yet another innovative tech support scam, using Netflix phishing to get remote access to the victim’s system.
Yes, I know. Yet another tech support scam, taking money from you for a computer problem you don’t really have. But this one is really too interesting not to look at.
It’s an interesting (and worrying) aspect to this scam that the scammers are claiming to be Netflix rather than Microsoft. But they’ve pretended to be other companies in the past (Dell and BT spring to mind). More worrisome is the combination of a site that steals credentials and directs the victim to call the ‘tech support’ line to get his or her Netflix access back. If they fall for it, the support scammer also tries to steal data from the victim’s system after gaining access through ‘Netflix support software’. This turns out to be the remote access software TeamViewer, according to the post. TeamViewer is very commonly used by support scammers, as is AMMYY.
The scammer ran a batch script that shows a number of IP addresses that are supposed to indicate where the ‘hacker’ who had ‘infiltrated’ his system was supposed to be. One of those addresses would be a dead giveaway to anyone with minimal knowledge of networking, since it’s a private network address widely used on home networks – the external IP address allocated by your provider is something else entirely. Of course, the next time this gambit shows up, the scammers may well have made sure that the local IP address doesn’t show up in the batch file.
Another interesting twist: the scammer directed him to a ‘Microsoft Certified technician’ who would ‘fix’ the system. In the process they had a good rummage through his files and copied the ones they evidently throught interesting. Generously, they offered him a fake Netflix discount coupon.
Very slick sales technique. Looks as if these miscreants are trying harder than ever.
ESET Senior Research Fellow