In the past decade, word of phishing has spread to the masses and many people have learned what to avoid and look out for. In addition, software has improved and there are now online defenses against phishing. Mass messages that once tricked a few percent of unsuspecting email users are now mostly caught in elaborate spam filters, never to be opened. And the ones that do make it through are usually far too vague or generally addressed for the average user to be fooled by it. Unfortunately, the same campaigns used to educate the masses have improved criminals techniques of stealing people’s information. Phishing has evolved from a wide lazy net to more concentrated and tailored efforts against a specific group. This method is called spear phishing and is usually seen as a personalized attack against a known target or an attempt at impersonating a trusted company to fool any of their clients.
In the past few weeks there has been a new spear phishing attack sent out to Netflix subscribers and placed in fake ads. It then sends them to a fake login page that tells them their account has been suspended due to “unusual activity”. It then provides a phone number for a “customer representative” that tries to convince you to download “Netflix support software” that is really a remote login program. Once fooled, Netflix users’ information on their computer could easily be stolen and their contact lists could be sent the same phishing attack. This technique of posing as trusted companies has a higher success rate for scammers than traditional blanket phishing attacks, and can hurt companies’ reputations. This type of attack is exactly what we want to educate the community about and put an end to. If you are contacted and information is requested by an unknown or untrustworthy source, send information to firstname.lastname@example.org for assistance.
Phishing isn’t going to get any easier to prevent in the near future; spam filters may block a majority of it but with the sheer amount of attempts, people are bound to encounter it eventually. Be prepared and never trust a message just because it claims to be a company. Remember to always check the URL address of the website you’re on and try to use a HTTPS secure connection whenever possible. If you want the most secure connection possible on each site, download HTTPS Everywhere here. Also, as a general rule never give out your personal information over the phone to someone you don’t know and never download something that doesn’t come from a good source. A quick search of the term “Netflix support software” would have told you about the scam. Always think before you click, especially during tax season, and we can all live in a safer online world.