Recently, I wrote about an uptick in fake Geek Squad subscription emails that scammers use to trick you into buying fraudulent services or to phish for credit card information. It appears the same methodology is being used in conjunction with emails for Philo TV subscriptions (a popular budget streaming TV service), so that is another vector to watch out for.
The scam begins when you get an email informing you that your subscription to Philo TV has been activated. The scam email I received was personalized to me, suggesting that the scammers are using a hacked database of information to add an air of legitimacy to the scam.
Good Afternoon Josh Kirschner, Please be aware that your payment is due.
Your Philo TV subscription will be active in 24 hours! After that you will be able to login to your Philo account with an email that you have mentioned during the registration process, and get a full access to your Philo TV.
There is nothing you have to do in order to stay with Philo! The payment for this invoice will be taken off from the account that you mentioned automatically..
We are thankful you decided to prolong with Philo.
In case you have any problems regarding your subscription please check the invoice below. There we got all the details about your subscription and our customer care phone number.
After any free trial(s), you will be charged the mentioned amount plus taxes on a recurring monthly basis. If you do not cancel during the free trial period, you will be charged. Your subscription will continue until you terminate it.
In addition to the email note, there was also an attached personalized PDF with my subscription details.
If you’re not a Philo subscriber, your concerns would immediately be raised about why you’re now signed up for this service you’ve probably never even heard of. And if you are a subscriber, the hefty price – Philo is normally priced at $25 per month – would certainly set off alarm bells. So, I called the number listed to see how this scam progressed.
After a few minutes on hold, I was connected to someone. He asked me for my subscription number from the PDF and then confirmed my name – indicating he had access to the same database used to send out the emails. To confirm my subscription status, he directed me to go to tvphilo dot com and click on “Check my Subscription”. The check didn’t function, so he suggested we have a support call and sent me a link to a Zoho remote support session.
Remote support sessions – whether through Zoho, LogMeIn or another service – are a typical way scammers trick you into gaining access to your computer. Once in, they may try to convince you there is malware on your laptop by showing you completely normal system processes (yet scary sounding to novices), or even install malware directly under the guise of a system utility or antimalware program. The follow-up is to then get you to agree to pay for additional support or software services to remove the non-existent malware. At this point, I ended the process, as there was no way I was giving this guy access to my computer.
If you know what to look for, there were many clues that the email and various steps I went through were all part of a scam. First, the email came from a Hotmail account and had multiple grammar issues, along with wording that doesn’t sound like it came from a native English speaker. No company is going to send official emails from a Hotmail account.
Once I was on the phone and he directed me to tvphilo.com, I immediately Googled Philo to confirm that tvphilo dot com is NOT the real Philo site (philo.com); it is an impersonation site constructed to fool you into thinking you’re on the official page. A quick ICANN domain check shows that tvphilo dot com was set up on 10/31/2022, the same day I received the scam. The lesson here is to always type in URLs directly when you want to reach a company site or Google to get the URL. Never click on a URL or link in an email you suspect may be fraudulent. Nor should you follow directions to call a number or visit a site provided to you by someone on the phone.
And finally, there is never a reason why anyone would ever need direct access to your computer unless you have contacted your manufacturer’s support help desk directly to resolve a hardware or software issue (and, even then, it’s pretty rare), so don’t give it to them.
[Image credit: Techlicious/Smartmockups]