Cybercriminals are using the new James Bond movie, No Time to Die, as phishbait, the National reports. Researchers at Kaspersky warn that malicious ads and phishing sites are claiming, falsely, to offer free access to the full movie. The sites display the beginning of the movie, and then ask users to enter their credit card information to continue watching.
“When users visit a website in the hope of watching the long-awaited No Time to Die movie, they will be asked to register their details after seeing the first few minutes of the latest film,” The National says. “During the registration, victims would be required to enter their credit card information. However, after registration is complete, the user might not be able to continue watching. Money is debited from their card and the payment data ends up in the fraudster’s hands.”
Tatyana Shcherbakova, a security expert at Kaspersky, stated that phishing campaigns commonly use popular movie releases as phishing material.
“With the premieres of new films and TV series moving online, this has fuelled interest not only for cinephiles but also among scammers and fraudsters. Inevitably, such a long-awaited premiere as ‘No Time to Die’ causes a stir,” Shcherbakova said. “Users should be alert to the pages they visit, not download files from unverified sites and be careful with who they share personal information.”
The National offers the following recommendations to help users avoid falling for these attacks:
- “Avoid links promising early viewings of films or TV series. If you have any doubts about the authenticity of the content, check with your service provider.
- “Check the authenticity of website before entering personal data. Only use official, trusted webpages to watch or download movies.
- “Pay attention to the extensions of files you are downloading and check the spellings of company name.
- “Use a reliable security solution that identifies malicious attachments and blocks phishing sites.”
New-school security awareness training can teach your employees to follow security best practices so they can thwart social engineering attacks.
The National has the story.