Phishing scams are getting more sophisticated. In April 2014, some Netflix users who thought they were logging in to the popular video streaming service were taken to a page that stated there was a problem with the account. The page indicated that the way to solve the problem was to call a customer service number. Users who called the fake phone number fell victim to the newest phishing scam.
A phishing scam is any type of scam in which the scammer pretends to be a trusted entity in order to gain access to personal or sensitive information. Phishers often engage in tactics such as sending emails that appear as if they came from trusted senders. When users trust the information they receive, they are more likely to share their own personal information in return.
The fake customer service number scam that hit both Netflix and AOL this spring got its start as a poisoned search result. The phishing scam organization paid to get ads placed in search results so that users would click the ads and begin the scam process.
In the Netflix case, the phishing scam begins when users search for terms such as "Netflix tech support." The ad that appears claims to offer Netflix tech support, but is actually a poisoned search result created by the phishing scammers.
Once the user clicks on the ad, the user is invited to log in to Netflix. Of course, this isn't the real Netflix; it is a sophisticated look-alike created to scrape usernames and passwords. When the phishers have the username and password, the second phase of the scam begins. The phishers redirect the user to the page stating that there is a problem with the account and invite the user to call the fake customer service number.
Once the user calls the number, the scam becomes even more devious. The customer service representative asks to control the user's computer via remote access. Once the user gives the customer service representative control, the scam starts siphoning off files and data directly from the user's computer. This data often includes sensitive material such as passwords and banking information.
Meanwhile, the customer service representative is busy explaining to the scam victim that yes, the computer has been hacked. They'll be happy to fix the problem for a small fee. Some of these fake customer service phishing scams even ask users to pay for the service by holding their ID and credit card information up to the computer's camera. These two documents are the last pieces of information the scammer needs to steal the user's identity.
As NBC News notes, both Google and Bing are working to combat these scammers and take down the poisoned search results. In the meanwhile, protect yourself by always navigating to websites directly when searching for customer service numbers, never by clicking on ads found in search results.
The fake phone number scam is likely to continue until more people get savvy about what is going on. Then, when this scam no longer becomes profitable, the phishing scam artists will turn to the next big idea. Keep yourself safe from these scams by always verifying information you find online, even when you believe it is from a trusted service.
(Photo courtesy of chanpipat / freedigitalphotos.net)