Tech

Beware this sneaky Netflix tech support scam

Next time Netflix prompts a call to tech support, make sure it’s the official number. 

Photo of Kate Knibbs

Kate Knibbs

Article Lead Image

When Netflix doesn’t work, sometimes it’s like “Oh well, let’s just do something else.” And sometimes it’s like “Are YOU KIDDING ME WHAT HAPPENS TO RIGGINS GJKAJKSDA!??!?!?”

Featured Video

The urgency of the situation all boils down to whether or not you’ve finished binge-watching Friday Night Lights.

But, next time Netflix prompts you to call tech support, take a pause from your rage and make sure it’s the official number. Scammers have been duping Netflix users by setting up a fake tech support number. Once users call in, they voluntarily give up enough information to allow the scammers to hack into their computer.

 

Advertisement

Jerome Segura, the senior security researcher at Malwarebytes, dug into how the scam worked by calling the number and playing along. He discovered that fake representatives tell callers to download a support program, which is really a remote login tool. This lets the bilking tricksters hunt for nuggets of information like, oh, bank accounts, credit card numbers, and all sorts of identity-thefting material. They asked Segura for photo ID and when he said he didn’t have it, they tried to activate his webcam so he could show them. Segura had his cam disabled, and the call ended there, but he looked up the scammer IP address and pinpointed its location in India.

It’s a brazen stunt, and Segura’s investigation may have put a kink in it: the Daily Dot called to see what the scammers would tell us, but the 1-800 number is disconnected. The scammers have likely tweaked the operation rather than shut it down, so Netflix users should be sure to look up the official support number before calling whatever comes onscreen.

Scammers have pulled a similar stunt using Microsoft, so be cautious whenever you call or receive a call from tech support teams. This scam works because it convinces people to call in, which lowers their guard—they made the contact, after all, so they assume it’s a legitimate operation. This kind of scheme will likely continue to plague Internet users in various forms

H/T Ars Technica | Photo via 2litros > raimundo illanes/Flickr (CC By ND-2.0)

Advertisement
 
The Daily Dot