Is That Email From Google or Netflix Legit? How To Spot and Stop Sophisticated Phishing Scams!

April 2014: Can you be fooled by fake websites? Sophisticated new scams are using impostor Google and Netflix web pages that look totally authentic but are really phishing sites. The Netflix scam even has a fake customer service team posing as Netflix and Microsoft IT professionals — these scammers are creative! And unscrupulous.

Scammers will do whatever it takes to get your usernames, passwords and account numbers. Here’s what the Google and Netflix scams look like and how to leap away from all things phishing:

The Google phishing scam
Google Docs and Google Drive users get an email with the subject line “Documents” that looks like it’s from Google. It says you have an important message and asks you to click the link provided. The page you land on looks just like the Google Docs login page and has a Google Docs url because it’s hosted on Google servers. But it’s fake. So when you input your information, it goes right into the hands of the bad guys.

And you’re none the wiser because you’re redirected to another real-looking Google Docs page.

The Netflix phishing scam
Netflix users get an email that looks like it’s from Netflix – or anyone who’s on the web gets a pop-up or sees what looks like a Netflix ad or notification. When you click the link to try to log into your account, you’re instructed to call customer service instead because of unusual activity on your account.

Guess who picks up the phone when you call? It’s not Netflix!

But the person pretends to be from Netflix and lures you into an elaborate social engineering scam. The goal is to get you to click on a link that will download software that will supposedly troubleshoot your problem. Of course what you download is malware that instantly begins searching your computer for data to steal. Eventually the first scammer hands you off to another scammer who pretends to be from Microsoft. All this can be avoided if you do just one thing — check the url! For this scam it’s nexflix.afta3.com, not netflix.com.
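
The "check the url" step, sketched as an added example (not part of the original article): it flags a hostname that contains a near-match of a brand name but does not sit on that brand's real domain, as nexflix.afta3.com does. The BRANDS allowlist, the naive two-label domain rule and the sample links other than nexflix.afta3.com are assumptions made for this sketch.

```python
from urllib.parse import urlsplit

# Assumed allowlist for this example: brand name -> domain the brand really uses.
BRANDS = {"netflix": "netflix.com", "google": "google.com"}

def edit_distance(a, b):
    """Levenshtein distance; catches one-letter swaps such as 'nexflix'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def registrable_domain(host):
    # Naive "last two labels"; production code should use the Public Suffix List.
    return ".".join(host.split(".")[-2:])

def check_link(url):
    """Return (verdict, registrable_domain) for the hostname in a link."""
    if "://" not in url:
        url = "http://" + url  # allow bare hostnames like the one in the article
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    reg = registrable_domain(host)
    if reg in BRANDS.values():
        # A hostname check cannot flag a fake page hosted on the brand's own servers.
        return ("brand-domain", reg)
    for label in host.split("."):
        if any(edit_distance(label, brand) <= 1 for brand in BRANDS):
            return ("lookalike", reg)
    return ("unrelated", reg)

if __name__ == "__main__":
    # Sample links: the first is from the article, the others are constructed.
    for link in ["nexflix.afta3.com",
                 "https://www.netflix.com/login",
                 "https://docs.google.com/constructed-example"]:
        print(link, "->", check_link(link))
```

The Google Docs scam described earlier would come back as "brand-domain" here, because that page was hosted on Google servers; a hostname check catches the Netflix impostor but not that one.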

Watch a video of the scam in action from Malwarebytes.

How to avoid these and other scams

1. Turn on your browser’s phishing and malware detection so you’ll be warned about suspicious websites. Chrome, Firefox, Explorer

2. Block third-party cookies to reduce the likelihood that you will be tracked, profiled and phished.
Chrome, Firefox, Explorer

Safari works differently. It blocks third-party cookies by default and offers fewer security browsing options. Safari 6 (Mountain Lion) Safari 7 (Mavericks).

3. Remember the basics:

  • Don’t reply to emails asking for personal information.
  • Don’t click on a link unless you requested it. To see the url, hover over the link.
  • Don’t open attachments you weren’t expecting, even from people you know. Email accounts are hacked every day.
  • Don’t trust an email with grammatical or spelling errors. Even small errors, not just the obvious Nigerian-millionaire-scam errors.
  • Don’t be curious about awesome offers. Even if you want that new smartphone or TV or whatever.
  • Don’t be intimidated by threats. Reputable companies don’t try to scare you into clicking NOW.
  • Don’t believe your bank or a government office will ask for personal information. They already have it.
  • Don’t forget to keep your anti-spam filter up to date. It can’t protect you from a scam that was invented after your last update.