Marvel Studio’s $2.2 billion box-office hit “Avengers: Endgame” has quickly risen to the second-highest grossing film of all time in its first two weekends. Not surprisingly, cybercriminals have wasted no time in capitalizing on the movie’s success by luring victims with free digital downloads of the film. How? By tempting users with security shortcuts so they can watch the film without worrying about spoilers or sold-out movie tickets.
When a victim goes to download the movie from one of the many scam sites popping up around the web, the streaming appears to begin automatically. What the user doesn’t know is that the footage being streamed is just from the movie’s trailer. Soon after, a message pops up stating that the user needs to create an account to continue with the download. The “free” account prompts the user to create a username and password in advance, which could potentially be useful for cybercriminals due to the common practice of password reuse. Once a victim creates an account, they are asked for billing information and credit card details in order to “verify location” and make sure the service is “licensed to distribute” the movie in the victim’s region. These crooks are then able to scrape the victim’s personal and financial data, potentially leading to online account hacks, stolen funds, identity theft, and more.
Luckily, Marvel fans can protect their online data to avoid a cybersecurity endgame by using the following tips:
- Look out for potential scam activity. If it seems too good to be true, then it probably is. Be wary of websites promising free movie downloads, especially for movies that are still in theaters.
- Shield your financial data. Be suspicious of “free downloads” that still require you to fill out billing information. If an unknown website asks for your credit card information or your bank account data, it’s best to avoid the site altogether.
- Make sure your credentials are unique. With this scam, threat actors could use the login credentials provided by the victim to access their other accounts if they didn’t have a unique login. Avoiding username and password reuse makes it a lot harder for cybercriminals to hack into your other online accounts if they gain access to one.
- Assemble a team of comprehensive security tools. Using a tool like McAfee WebAdvisor can help you avoid dangerous websites and links and will warn you in the event that you do accidentally click on something malicious.
And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.