Netflix-themed tech support scam comes back with more copycats

A few weeks ago we blogged about this Netflix phishing scam combined with fake tech support that was extorting private information and money from people.

The scam worked by asking unsuspecting users to log into their Netflix account and enter their username and password into a fraudulent website.

After collecting the personal details, the perpetrators used a fake warning to state the particular account had been suspended.

All this effort was really about leading potential victims into a trap, by making them call a 1-800 number operated by fake tech support agents ready to social engineer their mark and collect their credit card details.

A slightly new variant is once again making the rounds with the same goal of funneling traffic to bogus ‘customer support’ hotlines:

blurred_netflix

techs-help.com/images/netflix.png

“Your email account has been temporary [sic] suspended due to suspicious activity detected. To resume your mail account, please contact customer support”

But this time around the scammers behind it are expanding the phishing pages to other online services as well to target a wider audience.

Crooks are buying online ads for each brand such as this one on Bing for “Netflix tech support number”:

bingad

Click here to watch the video with this particular fraudulent company.

In some cases they are redirecting people to fake login pages, where authentication always fails and leads to one of the following popups:

copycats_blurred

Let’s take the AOL ‘theme’ and examine how it works:

  • The phishing page: a lookalike of the legitimate one, although the URL in the address bar should give it away.
AOL1
  • The call to action: upon entering a username and password, the following error message is displayed to the victim, asking them to call a number for assistance.
AOL2_blurred

It’s worth noting the extra effort to register domain names such as aolrisk.com and aolfix.us, which are not affiliated with AOL whatsoever yet sound reasonably credible.

To add insult to injury, the site also includes another page hosting a ‘live chat’ manned by real technicians waiting to reel in their next victim in case the phishing page failed to work:

AOL_tech_blurred

What exactly happens if you call that number? Watch this video to see how an alleged ‘AOL technician’ repeatedly lies to you without any second thoughts and tries to sell you expensive computer support packages.

The scare tactics are always quite similar in nature and this one is no different:

Security has been compromised on your computer. The bad guys are having access to the computer and they’re stolen [sic] the password for the AOL and they were just doing some illegal activity from your account so that’s why due to security reasons it has been suspended for some time being [sic].

At the end of the day, the victim must pay several hundred dollars to fix all the (non-existent) hacking related issues and restore the (never suspended) account.

payment

This setup of phishing pages and error messages must certainly be worth it because we have observed several different perpetrators use them.

We can only expect scammers to diversify their lead-in tactics even more and come up with new creative ways to attract potential victims.

You should exercise extreme caution when clicking on ads, even when those are from Google or Bing as crooks are abusing these services and in fact spending a fair amount of money on them.

Case in point, the screenshot below was shared with us by Subhash Chandra, who runs an advertising agency in India. He showed us the number of searches and the cost of keywords for “AOL support”.

Each click on these ads costs little more than 2 USD and a prospect I got was spending 3000 USD per day on avg on clicks. that’s around 1500 Clicks to their website per day and the convertion [sic] rate for inbound calls is 8-10%.

AOLnumbers

Why pay so much for advertising? One of the many reasons is a simple equation between cost and revenue or to put it another way, return on investment.

The quality of leads you get from targeted advertising is much higher than that from random cold calls. If you can attract people already looking for help and offer them your service, chances are conversion rates will be higher. If only that service was legitimate.

Here is a list of domains involved with this particular strain of scams. Beware that cyber-crooks are constantly registering new ones, so this is just the tip of the iceberg.

  • techs-help.com
  • aolrisk.com
  • aolfix.us
  • myscreename.com
  • email-logon.com
  • login-emails.com

affiliatedhelp.com (This company claims its innocence. It was using the Netflix ad on Bing and was also caught using fraudulent sales tactics. However, it is not associated with the other phishing scams and has therefore been taken off that list. Note that this company provides a third-party service (as per the disclaimer on this site) and that users are still free to choose where to get help from, although contacting the service provider in question directly is highly recommended.)
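Because new domains keep being registered, a static list only goes so far. The sketch below is an added example, not code from the original post. It checks proxy or DNS log entries against the domains listed above and also flags hosts that embed a brand name outside that brand's own domain, the pattern seen in aolrisk.com and aolfix.us. The `BRANDS` mapping, the last-two-labels shortcut for the registrable domain, and the sample entries are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Domains listed in the article above.
LISTED = {"techs-help.com", "aolrisk.com", "aolfix.us",
          "myscreename.com", "email-logon.com", "login-emails.com"}

# Assumption: brand token -> registrable domains the brand really uses.
BRANDS = {"aol": {"aol.com"}, "netflix": {"netflix.com"}}
OFFICIAL = set().union(*BRANDS.values())

# Constructed sample of proxy/DNS log entries (not real traffic).
SAMPLE = [
    "http://techs-help.com/images/netflix.png",
    "login.aolrisk.com",
    "help.netflix.com",
    "netflix-helpdesk.example",
    "paolo-pizza.example",
]


def hostname_of(entry):
    """Accept a bare hostname or a full URL; return the lowercase host."""
    if "//" not in entry:
        entry = "//" + entry
    return (urlsplit(entry).hostname or "").rstrip(".").lower()


def classify(entry):
    """Return 'listed', 'brand-lookalike:<brand>' or 'ok'."""
    host = hostname_of(entry)
    # Naive registrable domain: last two labels, no public-suffix list.
    domain = ".".join(host.split(".")[-2:])
    if domain in LISTED:
        return "listed"
    if domain in OFFICIAL:
        return "ok"
    # Split labels on hyphens so "aol" matches "aolfix" but not "paolo".
    parts = [p for label in host.split(".") for p in label.split("-")]
    for brand in BRANDS:
        if any(p.startswith(brand) or p.endswith(brand) for p in parts):
            return "brand-lookalike:" + brand
    return "ok"


def scan(entries):
    """Map each suspicious entry to its verdict, dropping the 'ok' ones."""
    verdicts = {e: classify(e) for e in entries}
    return {e: v for e, v in verdicts.items() if v != "ok"}


if __name__ == "__main__":
    for entry, verdict in scan(SAMPLE).items():
        print(f"{verdict:26} {entry}")
```

A brand-lookalike verdict is a lead for review rather than proof of fraud, since resellers and fan sites also use brand names in their domains.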

Feel free to check out our tech support scams resource page listing all the tricks being used, how to protect yourself and what to do in case it’s too late.

@jeromesegura

ABOUT THE AUTHOR

Jérôme Segura

Principal Threat Researcher