Phishing Scammers Target Avengers End Game Fans
Once a user agrees and clicks on the online-player icon, a short scene from the movie is shown, which is a part of the official trailer. After a few seconds, the video stops and the victim is redirected to registration and check out page.
Within the first week of the release of Avengers End Game, the movie has already garnered lots of attention, shattering box office records. Kaspersky Lab's content filtering experts have found that cybercriminals could not resist the urge to use the movie for fraud and money theft.
To do so, they have created more than a dozen websites, offering fans the opportunity to watch the new Avengers blockbuster free online in advance of national premieres.
Once a user agrees and clicks on the online-player icon, a short scene from the movie is shown, which is in fact just a part of the official trailer. After a few seconds, the video stops and the victim is redirected to registration and check out page that contains fields for bank card details including the CVV2 code. The site reassures the user that this is only for validation purposes, to prove that a user is a real person.
Once the user has filled in the form with their payment details, the criminals can use them for stealing the user’s funds.
Tatyana Sidorina, a security researcher at Kaspersky Lab, said that social engineering methods are aimed at exploiting people’s emotions. An influential and much-loved franchise with an enormous global fan base seems like the perfect target. The temptation to take a few security short cuts in order to be able to watch a long-awaited movie and not have to worry about spoilers or sold-out tickets can prove irresistible to loyal fans; that is what the attackers prey on.
Kaspersky Lab advice for staying safe:
*Do not click on links in emails, texts, instant messaging or social media posts if they come from people or organizations you don’t know.
*Check for suspicious or unusual addresses when any personal or financial information is asked for, legitimate ones should start with ‘https’∙
*Phishers often exploit emotions. Signs that there could be phishers at work include messages that are unduly threatening (warning of a potential fine or other penalties, for example), demand immediate action, ask for vast amounts of very personal and seemingly irrelevant information, or simply sound too good to be true
*Have a separate bank card and account with a limited amount of money specifically for online entertainment, which, in turn, will help to avoid serious financial losses, even if your bank details are stolen.
*Use a reliable security solution for comprehensive protection from a wide range of threats.