Shocking Netflix ‘hijacking' that uses convincing trick to empty your bank account exposed as TV fans told ‘be careful'
NETFLIX users are being warned of a scam that could see them vulnerable to having their personal data stolen.
Cyberprotection company, Malwarebytes, issued the serious warning for people who search for tech support numbers online and that hackers were using sponsored ads to fool unsuspecting punter.
The company explained that "cybercriminals frequently use ads directing to a malicious site to take advantage of our trust in sponsored search results for popular brands."
It found in a recent ruse, that support scammers were hijacking the results of legitimate sites.
How they pull off their scam is that they will pay for a sponsored ad on Google pretending to be a major brand and while that will usually lead to a fake website, there were some cases people were to a brand's legitimate site, "but with one small difference."
The company used photos showing how the address bar on a website that a person was taken to after unknowingly clicking on one of these dodgy ads looked legitimate, but "the results had been poisoned to display the scammer's phone number instead of the business' real number."
"When you call the scam number, the scammers will pose as the brand with the aim of getting you to hand over personal data or financial information, or even allow them remote access to your computer," Malwarebytes wrote on X, formerly Twitter.
It then showed examples of how scammers had manipulated the real Netflix site but a "fake number appears in what looks like a search result, making it seem official."
"This is able to happen because Netflix's search functionality blindly reflects whatever users put in the search query parameter without proper sanitization or validation," the company explained.
"This creates a reflected input vulnerability that scammers can exploit."
Netflix was just one example of the scammers' grit, Malwarebytes also found other brands that were targeted included, PayPal, Apple, Microsoft, Facebook and HP.
Malwarebytes suggested people install browse guards on their computers to protect them from the elaborate scams.
Netflix reveal huge list of movies and TV shows being axed next month – with some children's favourites in the mix
Outside of installing the browser guard, people can also protect themselves from this kind of scam in a number of different ways.
Red flags to look out for include, a phone number in the URL, suspicious search terms like 'Call Now' or 'Emergency Support' in the address bar of the browser, an excess of encoded characters alongside the characters,such as, %20 (space) and %2B (+ sign) along with phone numbers.
Other warning signs include, the website showing a search result before you entered one, an in-browser warning for known scams, and urgent language displayed on the website.
How to spot a dodgy app
Detecting a malicious app before you hit the 'Download' button is easy when you know the signs.
Follow this eight-point checklist when you're downloading an app you're unsure about:
Check the reviews - be wary of both complaints and uniformly positive reviews by fake accounts.
Look out for grammar mistakes - legitimate app developers won't have typos or errors in their app descriptions.
Check the number of downloads - avoid apps with only several thousand downloads, as it could be fake.
Research the developer - do they have a good reputation? Or, are totally fake?
Check the release date - a recent release date paired with a high number of downloads is usually bad news.
Review the permission agreement - this agreement gives permission for the app to take bits of your data, and fake apps often ask for additional data that is not necessary.
Check the update frequency - an app that is updated too frequently is usually indicative of security vulnerabilities.
Check the icon - look closely, and don't be deceived by distorted, lower-quality versions the icons from legitimate apps.
All of this information will available in both Apple's App Store and the Google Play Store.
"And before you call any brand's support number, look up the official number in previous communications you've had with the company (such as an email, or on social media) and compare it to the one you found in the search results. If they are different, investigate until you're sure which one is the legitimate one," said Jérôme Segura, senior director of research of Malwarebytes.
"If during the call, you are asked for personal information or banking details that have nothing to do with the matter you're calling about, hang up."
2
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Daily Mail
30 minutes ago
- Daily Mail
British pilot, 24, is found dead at US Navy base 'with gunshot wound'
A British pilot was found dead at an American Navy base after suffering a gunshot wound to the head, an inquest has reportedly heard. Costas Georgellis, 24, died on April 29 at the Naval Air Station Corpus Christie, in Nueces County, Texas, where he had been training to become a fighter pilot. The Sun today reported that Richard Furniss, an assistant coroner for West London, suggested that Mr Georgellis's death had the 'hallmarks of suicide'. However, Mr Furniss is said to have not confirmed whether a criminal investigation had been launched. The newspaper said the inquest was adjourned until more information has been provided by authorities across the pond. Mr Georgellis, who was a keen hockey player and Loughborough University graduate, was given a military-style funeral in Amersham, Buckinghamshire, where his parents live, on May 31. Attendees were asked to wear colours that 'reflect Costas's life' rather than the traditional black to the ceremony. 'Red, white or blue - the colours of his birth country, his adopted country and his home hockey club - is one option,' a memorial page for the 24-year-old read. 'Whilst purple in memory of his Loughborough University hockey days is another. Or simply wear your favourite colour.' Mr Georgellis's parents also launched a fundraising page with the £2363 proceeds going to mental health charities, Mind, and The Brandon Caserta Foundation. Loughborough University's hockey team posted on social media that they were 'heartbroken' by Mr Georgellis's death. They wrote: 'Costas was a cherished part of our club Known for his kindness, welcoming spirit and of course his backhand hit through his legs.' Another tribute by Mr Georgellis's parents said their son's 'infectious laugh' and 'kind heart' made the world a 'better place'. They added: 'He lived an amazing life, full of adventure, always pursuing his dreams with determination and bravery. He will never be forgotten.'
Daily Mail
an hour ago
- Daily Mail
Funeral home owner learns his fate after defrauding customers and government out of $900K
A Colorado funeral home owner who previously admitted to stashing nearly 190 dead bodies in a decrepit building and sending grieving families fake ashes has been sentenced to 20 years in prison for wire fraud. Jon Hallford, owner of Return to Nature Funeral Home, was found guilty of cheating customers and defrauding the federal government out of nearly $900,000 in Covid-19 aid. He pleaded guilty to conspiracy to commit wire fraud in federal court last year but in a separate case, Hallford also pleaded guilty to 191 counts of corpse abuse in state court and will be sentenced for those crimes in August. At a hearing on Friday, federal prosecutors sought a 15-year sentence and Hallford´s attorney asked for 10 years. Judge Nina Wang said that although the case focused on a single fraud charge, the circumstances and scale of Hallford's crime and the emotional damage to families warranted the longer sentence. 'This is not an ordinary fraud case,' she said. In court before the sentencing, Hallford told the judge that he opened Return to Nature to make a positive impact in people's lives, 'then everything got completely out of control, especially me.' 'I am so deeply sorry for my actions,' he said. 'I still hate myself for what I´ve done.' Hallford and his wife, Carie Hallford, were accused of storing the bodies between 2019 and 2023 and sending families fake ashes. Their funeral home promised a more natural burial, offering to bury bodies without embalming fluids or metal caskets if families opted not to have remains cremated Investigators described finding the bodies in 2023 stacked atop each other throughout a squat, bug-infested building in Penrose, a small town about a two-hour drive south of Denver. The bodies had been left at room temperature to rot. The were only found after neighbors issued complaints over a 'dead animal smell' covering the area around the funeral home. Some of the bodies had been in the maggot-infested building for years before they were discovered following reports of a foul odor. Their funeral home promised a more natural burial, offering to bury bodies without embalming fluids or metal caskets if families opted not to have remains cremated. Relatives would pay upwards of $1,200 for an eco-friendly end, which also came with the promise of a tree planting in the Colorado National Forest. The morbid discovery revealed to many families that their loved ones weren't cremated and that the ashes they had spread or cherished were fake. The supposed ashes were allegedly 'concrete dust.' Relatives said they raised their suspicions with the couple but were ignored or brushed off by the the couple every time. When the family of retired Army officer Tanya Wilson received her ashes, her brother Elliot thought they were unusually heavy and confronted Carie Hallford. When he took them to a nearby funeral director he was told 'I've never seen anything that looks like that in the range of what cremated remains would typically expect to look like.' Two families were so suspicious they mixed the 'ashes' with water and found that they solidified. In two cases, the wrong body was buried, according to court documents. Many families said it undid their grieving processes. Some relatives had nightmares, others have struggled with guilt, and at least one wondered about their loved one's soul. Among the victims who spoke during Friday's sentencing was a boy named Colton Sperry. With his head poking just above the lectern, he told the judge about his grandmother, who Sperry said was a second mother to him and died in 2019. Her body languished inside the Return to Nature building for four years until the discovery, which plunged Sperry into depression. He said he told his parents at the time, 'If I die too, I could meet my grandma in heaven and talk to her again.' His parents brought him to the hospital for a mental health check, which led to therapy and an emotional support dog. 'I miss my grandma so much,' he told the judge through tears. Federal prosecutors accused both Hallfords of pandemic aid fraud, siphoning the money and spending it and customer´s payments on a GMC Yukon and Infiniti worth over $120,000 combined, along with $31,000 in cryptocurrency, luxury items from stores like Gucci and Tiffany & Co., and even laser body sculpting. Derrick Johnson told the judge that he traveled 3,000 miles to testify over how his mother was 'thrown into a festering sea of death.' 'I lie awake wondering, was she naked? Was she stacked on top of others like lumber?' said Johnson. 'While the bodies rotted in secret, (the Hallfords) lived, they laughed and they dined,' he added. 'My mom's cremation money likely helped pay for a cocktail, a day at the spa, a first class flight.' Jon Hallford´s attorney, Laura H. Suelau, asked for a lower sentence of 10 years at the hearing Friday, saying that Hallford 'knows he was wrong, he admitted he was wrong' and hasn't offered an excuse. His sentencing in the state case is scheduled in August. Asking for a 15 year sentence for Hallford, Assistant US Attorney Tim Neff described the scene inside the building. Investigators couldn't move into some rooms because the bodies were piled so high and in various states of decay. FBI agents had to put boards down so they could walk above the fluid, which was later pumped out. Carie Hallford is scheduled to go to trial in the federal case in September, the same month as her next hearing in the state case in which she's also charged with 191 counts of corpse abuse.
Daily Mail
an hour ago
- Daily Mail
Adorable boy, 4, who 'loved giving hugs' is found dead inside car on 91F day
A four-year-old boy, known for his love of giving hugs, was found dead inside a sweltering car on a blisteringly hot afternoon in Georgia, authorities said. The Georgia Bureau of Investigation confirmed it is looking into the death of Kameron Jamel Williams, whose body was discovered last Sunday at the Summer Trace Apartment Complex in Metter. Temperatures in the area had reached a suffocating 91 degrees Fahrenheit at the time. According to the Metter Police Department, officers responded around 1pm to a report of a missing child. Family members and police desperately searched the property, hoping to find Kameron safe. Instead, a relative made the heartbreaking discovery inside a parked car, where the boy had succumbed to the punishing heat. He was pronounced dead at the scene. 'Children who get into cars on their own are typically about 18 months to 4- or 5-years-old,' explained Amber Rollins, director of the Kids and Car Safety organization, in an interview with WTOC. 'About 68% of those children who get in on their own and can't get back out are little boys. So, this situation meets the typical profile for that type of situation.' Temperatures in the area had reached a suffocating 91 degrees F at the time little Kameron had climbed inside the vehicle outside his home in Metter, Georgia Investigators believe Kameron had left his apartment on his own and began playing nearby. Security video reportedly shows a child matching Kameron's description entering a vehicle and never getting back out. The Candler County coroner later confirmed the worst: the boy was beyond help by the time he was found. As family members grieve, experts highlight a tragic pattern all too familiar in the summer months. Rollins told WTOC that an average of 40 children die each year across the country after being trapped in hot cars, with more than half of them managing to get inside on their own but becoming unable to escape. Although no foul play is suspected at this time, Police Chief McKinley Lewis said the case is still under active investigation. Kameron's body has been sent to the GBI Coastal Crime Lab Medical Examiner's Office for an autopsy, with results pending. Images from the scene showed a police perimeter near a cluster of parked vehicles at the Summer Trace complex, where stunned residents looked on in disbelief. The GBI said its agents are working closely with the Metter Police and the Candler County Sheriff's Office to establish a timeline of exactly how long Kameron was trapped and what could have prevented such a tragedy.
