Beware of the Barbie Scam: What You Need to Know After the Recent Movie Release

Barbie-related ScamsScammers are taking advantage of the popularity of the Barbie movie, according to researchers at McAfee.

“In the last 3 weeks, we’ve seen 100 new instances of malware that have Barbie-related filenames,” the researchers write. “Once again, this shows how attackers have latched onto the movie’s hype, hoping the people will click the malicious files because the Barbie name is trending.

The types of files varied but included typical types such as .html and .exe. By and large, attackers focused on the U.S., yet other countries have found themselves targeted as well.”

Steve Grobman, McAfee’s Chief Technology Officer, notes that criminals often exploit popular topics to distribute scams: “As Barbie makes her debut on the big screen, scammers are aiming to cash in on the summer blockbuster. A rash of scams have cropped up online, including bogus downloads of the film that install malware, Barbie-related viruses, and fake videos that point people to free tickets—but lead to links that steal personal info with spyware instead.

Cybercriminals are always on the lookout for opportunities to make phishing and other scams more attractive and believable. They often leverage popular and well-publicized events such as movie premieres, concerts, or sporting events to trick users into clicking on malicious links.”

McAfee offers several recommendations to help users avoid falling for these scams:

  • Stick with trusted retailers and streamers. Keeping your shopping and viewing to known, reputable brands remain your safest bet online. Trusted retailers carry legitimate merchandise. And if counterfeit and knockoff goods do slip into their marketplaces, refund policies give you a way to recover your loss. Moreover, trusted streamers will only carry shows and events that they have the rights to. If you find an offer to stream something that’s heavily discounted, free, or not available on known media outlets, it’s likely a scam. At the very least, it might be pirated content, which could carry malware threats along with it.
  • Purchase tickets from the theater chain or a reputable ticketing app. Another way scammers like to cash in on a hot ticket is to open a bogus online box office that charges for tickets. Of course, they won’t deliver. They’ll simply take your money and your card number to boot. You can avoid this by purchasing your tickets online directly from the theater or with a reputable online movie ticketing app that you can find in Apple’s App Store or Google Play.
  • Watch out for shoddy-looking sites. Online scammers have various levels of sophistication when it comes to building and designing scam sites. Some can look quite legitimate, yet others look rather slapped together. In either case, keep a sharp eye out for poor web design, typos, and grammatical errors, however small. These often indicate a scam site, as reputable companies make every effort to provide a clean and professional-looking experience.”

KnowBe4 has made Barbie and Oppenheimer phishing templates you can send to your users. 

Screenshot 2023-07-28 at 3.51.32 PM

New-school security awareness training can enable your employees to thwart social engineering attacks.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews