Scam of the Week: Avengers fans targeted

2019-05-17_09-37-27.png

Avengers Endgame has become a box office sensation, grossing more than a billion dollars in its opening week. Unsurprisingly, cybercriminals have been quick to exploit the movie’s popularity by tricking fans with free digital downloads of the movie.

Unfortunately, as with every major movie release, there will always be a proportion of fans that head to one of the many illegal streaming or download sites to see if they can watch the movie online. This provides the fraudsters with the perfect bait to launch their phishing scam.

According to security researchers at Kaspersky, the scam begins with a simple search online. The results include a website that promises the user either a free download or full viewing of the movie online.

Illegal download example

As soon as the user clicks on the icon, the streaming appears to start without any problem. However, within minutes, a message pops up asking the user to create an account before they can watch any more of the movie.

Scam webpage

The free account prompts the user to enter a username and password, swiftly followed by a request for credit card details to validate the account. The website promises that the information is only used to ‘verify location’ to ensure the service can be accessed in the victim’s country.

In the final stage of the scam, many users may become suspicious and choose not to enter their credit card details, but often it’s too late and the damage is already done.

With 83% of us using the same password for multiple accounts, the crooks know that there’s a high probability they can use the same username and password combination to gain access to other user accounts. They can then use this information to commit identity fraud or sell it on and make a profit.

Of course, there is no movie and the brief footage the user watched at the start of the scam was from the movie’s trailer.

These scams have becoming increasingly common, as we’ve seen in recent weeks with the massive spike in ‘Game of Thrones’ Phishing scams. Cybercriminals are quick to jump on any global trends or news stories and use them as a cover for their devious scams.

How to avoid being scammed online

  • Users should be particularly vigilant and if something seems too good to be true it usually is!

  • Install the latest anti-virus software solutions on all devices.

  • Ensure that all applications and operating systems are up to date.

  • Never click on links or download attachments from unknown sources.

  • Always verify the security of a website – Check the site has been secured using HTTPS / Check for a website privacy policy /Use a website safety check tool such as Google safe browsing / Do a WHOIS look up to see who owns the website.

  • Consider the use of a password manager to maintain the security of multiple accounts

Phishing accounts for around 95% of all successful cyber-attacks worldwide and poses a serious risk to the security of organisations. MetaPhish has been created to provide a powerful defence against these threats and enables organisations to find out just how susceptible their company is to attack. If you would like to find out more about how MetaPhish can be used to protect your business, then contact us for further information.