Netflix phishing scam tricks subscribers to steal data from their PC

Scammers originating from India found duping Netflix subscribers to steal files, images and even credit card details.

1 minute & 35 seconds read time

There's a new phishing scheme which involves Netflix and using the fear of having your account suspended unless you call the company's 'tech support'. Jerome Segura of Malwarebytes Unpacked uncovered 'Tech Support' scammers where they try to use Netflix account suspicion scare to steal its victims' photos, name, address, passwords and even credit cards.

Netflix phishing scam tricks subscribers to steal data from their PC 1

Segura said that the error from Netflix urged him to call the 1-800 number on the screen, which was not the official support number and therefore prompted deeper investigation. Upon contacting the fake tech support, the representative made him download a 'Netflix Support Software' which turned out to be Teamviewer. After the remote connection was made, the scammer said that his account was suspended because of 'illegal activity' and showed 'proof' using a 'Foreign IP Tracer' which was a custom-made Windows batch script.

What was strange is that the tech support scammer advised him to connect with a Microsoft Certified technician. He also went ahead and transferred the call to a certified technician (fake, of course) who already had Teamviewer access. The fake support explained the issue and drafted a bill for installing network firewall, AVG antivirus cleanup followed by a $50 fake Netflix discount coupon and offered a discount. What was later found out that the scammer was trying to buy time and distract the victim. In the meantime, the scammer was going through his personal files and stealing data of his interest, as found in TeamViewer file transfer eventlog.

Netflix phishing scam tricks subscribers to steal data from their PC 2

The fake support wanted his credit card credentials, but asked for a picture of his ID card and credit since 'the internet is not secure and needed proof of his identity'. Since he didn't have it, they tried to activate his webcam so that he can show the cards, but the author disabled his webcam, and that's where the call ended.

After tracing the IP address that was available from Teamviewer's logfile, it was found that the connection originated from India, and the download file was from a newly registered domain. Though a lot of people would eventually know that its a scam, many may not- or be distracted as their Netflix account was suspended due to suspicious activity. Its important that one does not use their login credentials on their unknown website and always best if you contact official customer support and verify such claims of account suspension.


After being a long time PC enthusiast and a former contributor for many Indian based PC and Tech forums, Roshan now joins TweakTown covering tech news and also any developments from India. Like many enthusiasts, with years of being involved in many Indian tech forums and running his own tech site, he's commonly referred by his forum nickname 'The Sorcerer' by many old and new fellow PC enthusiasts, followed by few companies from time to time. He's also the winner of the TweakTown's Computex 2012 Taipei trip. If any free time is left, Roshan prefers to play FPS games.

Newsletter Subscription

Related Tags