Netflix subscribers beware: There’s a scheme floating around the Internet that you should watch out for. If you’re not careful, you could end up about $400 poorer and with a stolen identity.

It works like this: A group of scammers purporting to be Netflix tech support sends you a phony email. It sends you to a fake Netflix login page, sets a phony notice that your account has been suspended and then persuades you to call a support service to get it back. Once they have you on the phone with fake tech support, they persuade you to download software that allows them to crawl through your computer and snap up anything of interest.

When it’s all over, they’ll send you a bill and run away with any good data they can find.

It’s a common scheme, which affects numerous other websites and services. But this particular instance provides a rare step-by-step glimpse into the particulars of the con.

View photos

The scheme was discovered and documented in the YouTube video below by Malwarebytes Unpacked cybersecurity writer Jérôme Segura.

Netflix Phishing Scam leads to Fake Microsoft Tech Support from Malwarebytes on Vimeo.





It all starts when you think you’re logging into your Netflix account, based on the fake email from Netflix. You can enter whatever incorrect login information you want. No matter what, it’ll bring you to a page that says your account was suspended for unauthorized use and ask you to call an 800 number on the screen.

When Segura did that, the person who answered posed as a Netflix support specialist and asked him to download a program to help with the problem. In reality, it was a remote-control software called TeamViewer, which allows third parties to access computer systems remotely.

As soon as the guy on the phone got access to the system, he told Segura he’d been hacked. This a tactic to instill fear in the target and then gain trust, Segura told Wired UK. In other words, the more threatened you feel by a larger, uncontrollable force that’s overtaken your computer, the more likely you are to hand over money or personal information to some random person you just met over the phone.

The person on the phone demonstrated the security breach by bringing up a “Foreign IP Tracer” to demonstrate hacker activity from nefarious countries. In reality, that’s just a common Windows batch script meant to confuse you.

View photos

Story continues