Avengers: Endgame shatters box-office records-but possibly also wallets, thanks to phishing scammers.
THE release of the finale of the epic two-part movie featuring the Avengers has shattered not just box office records worldwide: it has possibly shattered some people's wallets, thanks to cyber criminal targeting Avenger fans.
Global cyber security firm Kaspersky Lab said its content filtering experts have found that 'cyber criminals could not resist the urge to use the movie for fraud and money theft.'
Here's the modus operandi, according to Kaspersky: 'To do so, they have created no less than a dozen websites, offering fans the opportunity to watch the new Avengers blockbuster free online in advance of national premieres.
'Once a user agrees and clicks on the online-player icon, a short scene from the movie is shown, which is in fact just a part of the official trailer. After a few seconds, the video stops and the victim is redirected to registration and check out page that contains fields for bank card details including the CVV2 code. The site reassures the user that this is only for validation purposes, to prove that a user is a real person.
'Once the user has filled in the form with their payment details, the criminals can use them for stealing the user's funds.'
Tatyana Sidorina, a security researcher at Kaspersky Lab, explained why the cyber criminals are having a field day with the fans going gaga over Avengers: 'Social engineering methods are aimed at exploiting people's emotions. An influential and much-loved franchise with an enormous global fan base seems like the perfect target. The temptation to take a few security shortcuts in order to be able to watch a long-awaited movie and not have to worry about spoilers or sold-out tickets can prove irresistible to loyal fans; that is what the attackers prey on.'
Kaspersky Lab offered some advice for staying safe:
A* Do not click on links in emails, texts, instant messaging or social media posts if they come from people or organizations you don't know. Check for suspicious or unusual addresses when any personal or financial information is asked for, legitimate ones should start with 'https'A*
Phishers often exploit emotions. Signs that there could be phishers at work include messages that are unduly threatening (warning of a potential fine or other penalties, for example), demand immediate action, ask for vast amounts of very personal and seemingly irrelevant information, or simply sound too good to be true.
A* Have a separate bank card and account with a limited amount of money specifically for online entertainment. This will help to avoid serious financial losses if your bank details are stolen.
A* Use a reliable security solution for comprehensive protection from a wide range of threats, such as Kaspersky Security Cloud.
|Printer friendly Cite/link Email Feedback|
|Publication:||Business Mirror (Makati City, Philippines)|
|Date:||May 3, 2019|
|Previous Article:||Comelec completes AES software safeguards.|
|Next Article:||MESALA inc. chooses Consolsys' Mosaic Voyager Core Banking System.|