“Avengers: Endgame” has dominated the world’s attention since it started showing last month. People were obsessed with the story and how “epic” it was. The sheer volume of users talking about the movie is reason enough for cybercriminals to take advantage of the situation.
In a media release, cybersecurity firm Kaspersky Lab said that its filtering experts have found that cybercriminals used the movie for fraud and money theft.
Criminals created a dozen websites, offering fans the opportunity to watch the latest “Avengers” blockbuster free online in advance of national premieres.
Once a user agrees and clicks on the online-player icon, a short scene from the movie is shown, which is in fact just a part of the official trailer. After a few seconds, the video stops and the victim is redirected to a registration and checkout page that contains fields for bank card details, including the CVV2 code. The site reassures the user that this is only for validation purposes, to prove that the user is a real person.
Once the user has filled out the form with their payment details, the criminals can use them to steal the user’s funds.
“Social engineering methods are aimed at exploiting people’s emotions,” says Tatyana Sidorina, a security researcher at Kaspersky Lab. “An influential and much-loved franchise with an enormous global fan base seems like the perfect target. The temptation to take a few security shortcuts in order to be able to watch a long-awaited movie and not have to worry about spoilers or sold-out tickets can prove irresistible to loyal fans; that is what the attackers prey on.”
Kaspersky Lab advice for staying safe:
Do not click on links in emails, texts, instant messaging or social media posts if they come from people or organizations you don’t know.
Check for suspicious or unusual addresses when any personal or financial information is asked for; legitimate ones should start with ‘https’.
Phishers often exploit emotions. Signs that there could be phishers at work include messages that are unduly threatening (warning of a potential fine or other penalties, for example), demand immediate action, ask for vast amounts of very personal and seemingly irrelevant information, or simply sound too good to be true.
Have a separate bank card and account with a limited amount of money specifically for online entertainment. This will help to avoid serious financial losses if your bank details are stolen.
Use a reliable security solution for comprehensive protection from a wide range of threats.