If the screen below has ever popped up as you were supposedly logging into Netflix, we've got some bad news for you. No, it's not your Netflix account—that's perfectly safe (at least for now). But if you followed the instructions on the screen, you've been duped by a new phishing scheme that seems so painfully obvious, it's almost brilliant.
Jérôme Segura of Malwarebytes Unpacked was the first to uncover the dastardly little trick, which he painstakingly details in the video above. It starts when Segura attempts to log in to his account with a bogus username and password, bringing him to a screen that prompts him to call what is, supposedly, Netflix tech support.
That number is, of course, not connected to Netflix in any way. Instead, Segura found that it was actually an unaffiliated phone number in India. The "support staffer" then told Segura that a hacker had infiltrated his computer, even going so far as to show him a "Foreign IP Tracer," which, as he notes, is actually "a fraudulent custom-made Windows batch script."
That's when things start to get bizarre even for the untrained eye. The operator's next step is to connect him with a "Microsoft Certified Technician." Why Netflix would be sending users straight to Microsoft tech support, though, is anyone's guess. As all this is going on, the scammers downloaded any files of interest from his computer (seen below), sent him a bill for their services, and even asked him to take a photo of his ID and credit card for "proof." When they were unable to do so—Segura's camera is disabled by default—the call promptly came to an end.
Anyone familiar with internet safety protocol would see the red flags immediately—at least one would hope. But there are plenty of people out there who are very easy to scare and very eager to put their trust into someone they think is a professional. And that's what makes it so scary. [Unpacked via Wired]