People wanting to watch high-profile movies are the latest target in scams that trick users into offering up credit card details for a chance to download films not yet available for purchase.
When a first-run film is wildly popular, there will always be some number of people who want to watch it in the comfort of their own home. Cybercriminals take advantage of this by hosting phishing websites promoting the ability to download these movies for a small fee.
According to researchers at Kaspersky, over 20 movie-related phishing sites have been identified, with over 900 malicious files offered as movie downloads.
Movies such as Joker, 1917, The Irishman, and Once Upon a Time in Hollywood are the top-searched movies used by scammers. Scammers leverage social media to present an offer to watch the movie, then take users for a ride that includes surveys, requests for personal details, and the collection of credit card information (shown below).
Ultimately, users download malware, which can result in just about any kind of attack – ransomware, business email compromise, identity theft, island hopping, and data theft. And because not everyone is downloading movies from home (as their work Internet connection is likely much faster), this puts organizations at risk.
Users need to be made aware via Security Awareness Training of the cyber threats that exist, and that movies are only available through proper distribution networks. Anything that promises otherwise should be considered suspect and a risk to the organization.