The lure of watching the latest Avengers movie is enough motivation for some to fall for this scam aimed at collecting your credit card data.
There are a large number of websites that host and stream pirated copies of current movies. People around the world use these to see a movie before it’s available locally, or simply don’t want to pay to see it. And, as of the time of writing this article, no other movie fits this bill than Avengers: Endgame. Grossing well over $2 Billion in sales, it’s the movie to see.
According to Antimalware vendor Kaspersky, one site offering the movie for download is little more than a social engineering experiment to see if you’re willing to part with your credit card information in exchange for a promise to see the movie.
The scam begins with an offer to see Avengers: Endgame.
What follows jumps quickly from the expected to the scam:
- The visitor is asked to create an account – “You need to sign up to download” the site claims. It’s not unreasonable, as many sites do require an account to use their services and advertise to their audience via email.
- The visitor is asked to validate using a credit card – They explain it’s necessary because they “are only licensed to distribute [their] content to certain countries.”
It all sounds business-like, but this is clearly a scam. A) No one has been granted distribution rights to post a movie online that’s still in theaters, and B) Your credit card doesn’t provide any detail about your current location for distribution anyway.
This is a great example of how scammers use social engineering tactics to create an emotional connection with their target that is just strong enough for someone who’s not paying attention to fall for the scam.
More on this scam can be found on Kaspersky’s blog.