Using incognito mode and VPN may still not ensure total privacy, according to expert

Introduction 

Netflix is no stranger to its subscribers being targeted by SMS and email-led phishing campaigns. But the most recent campaign has been deployed at a global scale, affecting paid users in as many as 23 countries according to cybersecurity firm Bitdefender. In this particular campaign, attackers are using the carrot-and-stick tactic of either creating a false sense of urgency or promising rewards to steal financial information and Netflix credentials. For example, users may be contacted via SMS and told that their account is being suspended due to payment failures. A fake website may be shared through a link, encouraging the individual to share sensitive information to restore their account. Once this information has been input, it is now accessible to the attackers. This can create significant stress and even financial loss for its users. Thus, they are encouraged to develop the necessary skills to recognize and respond to these threats effectively.

How The Netflix Scam Works 

Users are typically contacted through SMS. Bitdefender reports that these messages may look something like this:

"NETFLIX: There was an issue processing your payment. To keep your services active, please sign in and confirm your details at: https://account-details[.]com"

On clicking the link, the victim is directed to a website designed to mimic an authentic user experience interface, containing Netflix’s logo, color scheme, and grammatically-correct text. The website uses this interface to encourage the victim to divulge sensitive personal information, such as account credentials and payment details. Since this is a phishing website, the user’s personal information becomes accessible to the attacker as soon as it is entered. This information is then sold individually or in bundles on the dark web.

Practical Steps to Stay Safe 

1. Know Netflix’s Customer Interface: According to Netflix, it will never ask users to share personal information including credit or debit card numbers, bank account details, and Netflix passwords. It will also never ask for payment through a third-party vendor or website.
2. Verify Authenticity: Do not open links from unknown sources sent by email or sms. If unsure, access Netflix directly by typing the URL into the browser instead of clicking on links in emails or texts. If the link has been opened, do not enter any information.
3. Use Netflix’s Official Support Channels: Confirm any suspicious communication through Netflix’s verified help page or app. Write to phishing@netflix.com with any complaints about such an issue.
4. Contact Your Financial Institution: If you have entered your personal information into a phishing website, you should immediately reach out to your bank to block your card and change your Netflix password. Contact the authorities via www.cybercrime.gov.in or by calling the helpline at 1930 in case of loss of funds.
5. Use Strong Passwords and Enable MFA/2FA: Users are advised to use a unique, strong password with multiple characters. Enable Multi-Factor Authentication or  Two Factor Authentication to your accounts, if available, to add an extra level of security.

Conclusion

Phishing campaigns which are designed to gather customer data through fraudulent means often involve sending links to as many users as possible, with the aim of monetizing stolen information. Attackers exploit user trust in online platforms to steal sensitive personal information, making such campaigns more sophisticated as highlighted above. This underscores the need for users of online platforms to practice good cyber hygiene by verifying information, learning to detect suspicious information and ignoring it, and staying aware of the types of online fraud they may be exposed to. 

Sources 

• https://www.bitdefender.com/en-gb/blog/hotforsecurity/netflix-scam-stay-safe
• https://help.netflix.com/en/node/65674
• https://timesofindia.indiatimes.com/technology/tech-news/netflix-users-beware-this-netflix-subscription-scam-is-active-in-23-countries-how-to-spot-one-and-stay-safe/articleshow/115820070.cms

Introduction

We are living in the digital age, where from ordering food to floating into a relationship everything is preferred to be digitized. It has been quite evident that in the past few years, online dating has become immensely popular due to its potential success stories. Since it has become a medium to find potential partners. Among the string of successes and pros of online dating, there seems to be a corner which is curtained that contains scams and treachery. A very recent case in Delhi puts light into the dark side of online dating where a 25-year-old journalist was trapped in an online dating scam. It portrays the threat of meeting an unknown person through an online dating app and how a person gets involved in the vicious cycle. Since the concept of online dating is all about meeting a new person and getting indulged. This incident talks about a man who met a woman through a dating app Bumble and got scammed for Rs 15000.

Unveiling the scam

It started like a fairy tale where a 25-year-old Delhi resident met with a girl on a dating app Bumble, where they spoke and found each other compatible. Followed by it the girl approaches the boy to meet at a specific restaurant situated in Delhi. The boy was away from the idea that the first meetup would turn into a nightmare which horrifying experience he would share on social media. It is not only about the financial loss but also about the emotional distress one goes through. Every coin has two sides and when surfing in the digital world one needs to keep in mind that along with the pros, there are certain cons. In the eagerness to meet someone, we should not lose our presence of mind. Continuing the incident once both reached the specified restaurant the girl made an order of various food items including beverages, shots of vodka, glasses of wine, different cuisines and hookah. Which not so surprisingly culminated in an inflated bill of Rs 15,886. After paying the hefty amount the boy went to the washroom once he came back the bill vanished followed by the girl being eager to leave the place. Till that very moment, the victim was in his dreamland where he did not get the hint that he had been scammed. Once he reached home and tried contacting the lady her account was deleted from the platform and was not reachable through calls. This incident shook the victim and pushed him to melancholy. Since he did not expect this to happen. Devastated by the fraud and treachery the man wrote about his disappointing experience on his Twitter handle addressing Delhi police to look into this.

It has been brought to the notice that similar incidents have been reported in the past as well. The trend remains the same in which the culprit insists the victim meet at a specific location decided by them, it is done with such conviction that it becomes difficult for the victim to deny. Once they accept to meet in the decided location it is followed by making the victim order expensive food and alcohol and at the time of payment giving excuses or pretending to pay. Once the payment is done the culprit rushes to leave the location or disappears without any head up. Not to be perplexed once they leave they will not leave any trace of them.

How to stay safe in the online dating world?

Online dating can bring butterflies in the stomach, and indeed it is a beautiful experience to meet someone new and fall in love but with this beauty, there comes the baggage of falling into the trap of cyber scams. While surfing online dating sites one needs to be very careful and vigilant since the highlighted incidents are relevant enough to showcase the negative impact on it.

Best practices

• Use reliable platforms:  With the growing digitalization, there are infinite platforms available for online dating. But here is the catch one needs to be very finicky in choosing an appropriate platform among the countless options. It is best to use authentic platforms or apps and read reviews and ratings before installing any such applications or platforms.
• Cross-verify the profiles:  Once you receive a profile compatible enough to talk about it is recommended to have elaborative conversations. It is not about doubting someone but being calculative and cross-checking all the information given. Before meeting the person it is best to have a detailed conversation but not reveal much about you.
• Have control in your pocket: When it comes to paying the bill be proactive in dividing the bill. It is advisable to do so that the liability of paying a hefty bill does not come from one party. This will make sure that even if one of the people has the intention to exploit the other person they will become alarmed. 
• Go with the flow: Since meeting an unknown person is all flowery and spontaneous, it is also good to follow your instinct and go with the flow if you find anything weird during the conversation or while in person. It is advisable to back off or to leave the place as soon as possible.
• Be cautious in sharing your personal information with strangers: While conversing with an unknown person online, it is very important to keep a hold on our emotions and not share any personal information which can be misused by cyber crooks. Also, it is very important that we do not discuss anything about our financial capabilities and transactions.  It is imperative to note that cyber crooks exploit the many new ways to commit online fraud by targeting innocent individuals. 
• Catching up in public places: When meeting for the first time it is advisable to meet a person in a public place such as a park, museums etc. It is the best way to avoid going to a place decided or being insisted. Since meeting in a public place gives a sense of security that people are around you.
• Keep your near people in Loop: No matter how private you are while meeting an unknown person keep your friends and near one aware of it. 

What to do if you fall into such dating scams

1. While one can be emotionally drained, it is very important to keep track of all the information shared, save all your messages, take pictures of the scammer's profile and document every small detail which can be relevant.
2. Report on the platform:  There would be a section called “Contact us” or “Report” on the platform where you can report against the scammer.  Most dating apps have this section where you can mention your issue so that they can take action against such profiles.
3. National Cyber Crime Reporting Portal, 1930 Helpline: The Cybercrime reporting portal http://www.cybercrime.gov.in/ equipped with 24x7 helpline 1930 is a powerful resource available to the victims of cybercrimes to report their cases. 

Conclusion

Online dating can become the gush of winds for someone but it is very important to keep in mind that with the potential of falling in love, there comes a threat of being trapped and getting into cyber frauds or scams. So many cases are being reported, and the recent case also highlights that not everyone on online sites is genuine. So be aware of such scams and stay informed and safe in the evolving digital environment. 

References

• https://www.moneycontrol.com/news/trends/delhi-cafes-hiring-girls-to-scam-customers-says-bumble-user-conned-out-of-rs-15000-11724701.html
• https://www.ndtv.com/delhi-news/delhi-man-falls-victim-to-scam-as-bumble-date-costs-him-15-000-4566680/amp/1
• https://services.india.gov.in/service/detail/national-cyber-crime-reporting-portal#:~:text=This%20portal%20is%20an%20initiative,crimes%20against%20women%20and%20children.

‍

Executive Summary:

Social media is buzzing with a link  that claims to offer an iPhone 15 as a gift from LuLu Hype­rmarket, presente­d as part of Holi celebrations. This article e­xamines the deceptive tactics behind this fraudulent offe­r and provides guidance on recognizing and avoiding such scams.

False Claim:

The link be­ing shared is misleading and falsely claims that LuLu Hype­rmarket is giving away free iPhone­ 15 phones. This is taking advantage of the Holi fe­stival to trick unsuspecting people. Whe­n users click on the link, they are­ redirected multiple­ times and end up on a page with LuLu Hype­rmarket's photo and some simple que­stions. Fake comments are also use­d to make the offer se­em genuine, but it is all a de­ception.

The Deceptive Scheme:

The plan uses psychological tricks by linking the offe­r to a famous brand and a popular celebration. The landing page's simplicity and phoney comments try to make users trust it and fe­el like they ne­ed to act fast, so they'll join the scam.

The Fraudulent Campaign Analysed:

The­ scammers are using psychological tactics to manipulate pe­ople. They're e­xploiting the trust people have­ in LuLu Hypermarket and the e­xcitement around the ne­w iPhone 15 during the Holi festival. The­ fake questionnaire se­rves no real purpose, but it's a way to e­ngage users and make the­ scam seem legitimate­. Testimonials claiming people have­ successfully receive­d the iPhone 15 are also fake­, designed to create­ a false sense of cre­dibility. Users are prompted to se­lect a "gift box," which adds an interactive e­lement to draw them in furthe­r. When a user sele­cts a box, they're falsely congratulate­d on winning the iPhone 15, giving them a se­nse of accomplishment. Finally, users are­ urged to share the link via WhatsApp to "claim" the­ gift, spreading the scam to more pote­ntial victims.

What do we Analyse? :

• We analyse the deceptive tactics employed by the scam, including psychological manipulation, false engagement techniques, and fake testimonials, all aimed at convincing users of the offer's legitimacy.

Link : (https://sophisticate­ddistort[.]top/nTiwpTTTT526?llue1696559991144)

• It is important to note that at this particular point, there has not been any official declaration or a proper confirmation of an offer made by Lulu Hypermarket So, people must be very careful when encountering such messages because they are often employed as lures in phishing attacks or misinformation campaigns. Before engaging or transmitting such claims, it is always advisable to authenticate the information from trustworthy sources in order to protect oneself online and prevent the spread of wrongful information
• The campaign is hosted on a third party domain instead of any official Website of LuLu Hypermarket, this raised suspicion. Also the domain was registered last year.
• The intercepted request revealed a connection to a China-linked analytical service, Baidu in the backend.

‍

‍

• Domain Name: sophisticateddistort.top
• Registry Domain ID: D20230629G10001G_04181852-top
• Registrar WHOIS Server: whois.west263.com
• Registrar URL: www.west263.com
• Updated Date: 2023-07-01T02:55:34Z
• Creation Date: 2023-06-29T06:05:00Z
• Registry Expiry Date: 2024-06-29T06:05:00Z
• Registrar: Chengdu west dimension digital
• Registrant State/Province: Shan Xi
• Registrant Country: CN (China)
• Name Server: curt.ns.cloudflare.com
• Name Server: harlee.ns.cloudflare.com

Note: Cybercriminal used Cloudflare technology to mask the actual IP address of the fraudulent website.

CyberPeace Advisory:

• Do not open those messages received from social platforms in which you think that such messages are suspicious or unsolicited. In the beginning, your own discretion can become your best weapon.
• Falling prey to such scams could compromise your entire system, potentially granting unauthorised access to your microphone, camera, text messages, contacts, pictures, videos, banking applications, and more. Keep your cyber world safe against any attacks.
• Never, in any case, reveal such sensitive data as your login credentials and banking details to entities you haven't validated as reliable ones.
• Before sharing any content or clicking on links within messages, always verify the legitimacy of the source. Protect not only yourself but also those in your digital circle.
• For the sake of the truthfulness of offers and messages, find the official sources and companies directly. Verify the authenticity of alluring offers before taking any action.

Conclusion:

During the festive season, as we engage in merrymaking and online activities, we should be mindful of fraudster's exploitation strategies. Another instance is the illegitimate Lulu Hypermarket offer of the upcoming iPhone 15. With the knowledge and carefulness, we can report any suspicious actions to avoid being victims of fraud in this way. Keep in mind the fact that legitimate offers are usually issued by trustworthy sources while if, the offer looks too good to be true, then it is rather a scam.

‍

‍

‍