
Shocking Netflix ‘hijacking’ that uses convincing trick to empty your bank account exposed as TV fans told ‘be careful’

NETFLIX users are being warned of a scam that could leave them vulnerable to having their personal data stolen.

Cyberprotection company Malwarebytes issued the serious warning for people who search for tech support numbers online, saying that hackers were using sponsored ads to fool unsuspecting punters.

Image (credit: Netflix): a browser showing a Malwarebytes Browser Guard warning about search hijacking and a Netflix help page. Caption: Scammers are now posing as tech support to fleece people of their data.

The company explained that “cybercriminals frequently use ads directing to a malicious site to take advantage of our trust in sponsored search results for popular brands.”

It found that, in a recent ruse, support scammers were hijacking the results of legitimate sites.

To pull off the scam, they pay for a sponsored ad on Google pretending to be a major brand. That will usually lead to a fake website, but in some cases people were taken to a brand’s legitimate site, “but with one small difference.”

The company used photos to show that, after a person unknowingly clicked on one of these dodgy ads, the address bar of the website they were taken to looked legitimate, but “the results had been poisoned to display the scammer’s phone number instead of the business’ real number.”

“When you call the scam number, the scammers will pose as the brand with the aim of getting you to hand over personal data or financial information, or even allow them remote access to your computer,” Malwarebytes wrote on X, formerly Twitter.

It then showed examples of how scammers had manipulated the real Netflix site so that a “fake number appears in what looks like a search result, making it seem official.”

“This is able to happen because Netflix’s search functionality blindly reflects whatever users put in the search query parameter without proper sanitization or validation,” the company explained.

“This creates a reflected input vulnerability that scammers can exploit.”

Netflix was just one example of the scammers’ grit. Malwarebytes found that other targeted brands included PayPal, Apple, Microsoft, Facebook and HP.

Malwarebytes suggested people install browser guards on their computers to protect them from the elaborate scams.


Outside of installing the browser guard, people can also protect themselves from this kind of scam in a number of different ways.

Red flags to look out for include a phone number in the URL, suspicious search terms like “Call Now” or “Emergency Support” in the address bar of the browser, and an excess of encoded characters, such as %20 (space) and %2B (+ sign), alongside phone numbers.

Other warning signs include the website showing a search result before you entered one, an in-browser warning for known scams, and urgent language displayed on the website.
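
The URL red flags above, and the reflected search parameter Malwarebytes describes, can be checked in code. The following is an added example, not part of the original article or of Malwarebytes’ tooling; the keyword list, thresholds, parameter names and sample URLs (an example.com host and a fictitious 555 number) are constructed assumptions.

```javascript
// Added example: heuristic check for the URL red flags listed in the article.
// Keyword list, thresholds, parameter names and sample URLs are assumptions.
const PHONE_RE = /(?:\+?\d[\s().-]*){10,15}/; // 10-15 digits, common separators
const LURE_RE = /\b(call now|emergency support|toll[\s-]?free|helpline)\b/i;
const SEARCH_KEYS = /^(q|query|search|keyword)$/i;
const MAX_ENCODED = 5; // more %XX escapes than this counts as "excess"

// Constructed samples: example.com host and a fictitious 555-01xx number.
const SAMPLE_SUSPICIOUS =
  'https://help.example.com/search?q=Call%20Now%20%2B1%20888%20555%200100%20Emergency%20Support';
const SAMPLE_BENIGN = 'https://help.example.com/search?q=reset%20password';

function safeDecode(text) {
  // Malformed escapes must not crash the check; fall back to the raw text.
  try { return decodeURIComponent(text); } catch { return text; }
}

function inspectUrl(rawUrl) {
  const url = new URL(rawUrl);
  const flags = [];
  const raw = url.pathname + url.search + url.hash;
  // Decode so "%2B1%20888..." is judged as the reader would see it.
  const visible = safeDecode(raw.replace(/\+/g, ' '));

  if (PHONE_RE.test(visible)) flags.push('phone-number-in-url');
  if (LURE_RE.test(visible)) flags.push('urgent-support-wording');

  const escapes = (raw.match(/%[0-9a-f]{2}/gi) || []).length;
  if (escapes > MAX_ENCODED) flags.push('heavy-percent-encoding');

  // The reflected-query case: a search parameter whose value holds a phone
  // number; a site that reflects the query shows it as if it were a result.
  for (const [key, value] of url.searchParams) {
    if (SEARCH_KEYS.test(key) && PHONE_RE.test(value)) {
      flags.push('search-param-carries-phone');
      break;
    }
  }
  return flags;
}

for (const sample of [SAMPLE_SUSPICIOUS, SAMPLE_BENIGN]) {
  console.log(inspectUrl(sample).join(', ') || 'no flags', '<-', sample);
}
```

Long numeric IDs such as timestamps can trip the phone pattern, so a hit is a prompt to compare the number with an official source, not proof of a scam.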

How to spot a dodgy app

Detecting a malicious app before you hit the ‘Download’ button is easy when you know the signs.

Follow this eight-point checklist when you’re downloading an app you’re unsure about:

  1. Check the reviews – be wary of both complaints and uniformly positive reviews by fake accounts.
  2. Look out for grammar mistakes – legitimate app developers won’t have typos or errors in their app descriptions.
  3. Check the number of downloads – avoid apps with only several thousand downloads, as they could be fake.
  4. Research the developer – do they have a good reputation? Or are they totally fake?
  5. Check the release date – a recent release date paired with a high number of downloads is usually bad news.
  6. Review the permission agreement – this agreement gives permission for the app to take bits of your data, and fake apps often ask for additional data that is not necessary.
  7. Check the update frequency – an app that is updated too frequently is usually indicative of security vulnerabilities.
  8. Check the icon – look closely, and don’t be deceived by distorted, lower-quality versions of the icons from legitimate apps.

All of this information will be available in both Apple’s App Store and the Google Play Store.

“And before you call any brand’s support number, look up the official number in previous communications you’ve had with the company (such as an email, or on social media) and compare it to the one you found in the search results. If they are different, investigate until you’re sure which one is the legitimate one,” said Jérôme Segura, senior director of research of Malwarebytes.

“If during the call, you are asked for personal information or banking details that have nothing to do with the matter you’re calling about, hang up.”

Image (credit: Alamy): hands holding a smartphone displaying the Netflix logo. Caption: Netflix was just one of many brands targeted in the scam.
