There's a new phishing scheme which involves Netflix and using the fear of having your account suspended unless you call the company's 'tech support'. Jerome Segura of Malwarebytes Unpacked uncovered 'Tech Support' scammers where they try to use Netflix account suspicion scare to steal its victims' photos, name, address, passwords and even credit cards.
Segura said that the error from Netflix urged him to call the 1-800 number on the screen, which was not the official support number and therefore prompted deeper investigation. Upon contacting the fake tech support, the representative made him download a 'Netflix Support Software' which turned out to be Teamviewer. After the remote connection was made, the scammer said that his account was suspended because of 'illegal activity' and showed 'proof' using a 'Foreign IP Tracer' which was a custom-made Windows batch script.
What was strange is that the tech support scammer advised him to connect with a Microsoft Certified technician. He also went ahead and transferred the call to a certified technician (fake, of course) who already had Teamviewer access. The fake support explained the issue and drafted a bill for installing network firewall, AVG antivirus cleanup followed by a $50 fake Netflix discount coupon and offered a discount. What was later found out that the scammer was trying to buy time and distract the victim. In the meantime, the scammer was going through his personal files and stealing data of his interest, as found in TeamViewer file transfer eventlog.
The fake support wanted his credit card credentials, but asked for a picture of his ID card and credit since 'the internet is not secure and needed proof of his identity'. Since he didn't have it, they tried to activate his webcam so that he can show the cards, but the author disabled his webcam, and that's where the call ended.
After tracing the IP address that was available from Teamviewer's logfile, it was found that the connection originated from India, and the download file was from a newly registered domain. Though a lot of people would eventually know that its a scam, many may not- or be distracted as their Netflix account was suspended due to suspicious activity. Its important that one does not use their login credentials on their unknown website and always best if you contact official customer support and verify such claims of account suspension.