'Avengers: Endgame' being used for online scams

Science

04 May 2019

How fraudsters can dupe you with free 'Avengers: Endgame' download

Marvel's epic 'Infinity' saga is coming to an end with Avengers: Endgame, the movie that released last Friday and is already on track to become one of the highest grossing Hollywood movies.

But, as it turns out, the hype around Endgame is so much that scammers have started using the movie as a way to dupe unsuspecting internet users.

Here's how that is happening.

Issue

Scammers using free 'Endgame' downloads to trick people

Scammers using free 'Endgame' downloads to trick people

Avengers: Endgame has got so much interest that a number of people have turned to the internet to grab the recently leaked version of the movie.

But, here's the thing, scammers are aware of this.

They have started creating malicious websites promising free download or streaming of the movie but are actually laying a trap to trick unsuspecting users into giving their confidential details.

Details

Sign-in prompt steals confidential details

Security giant Kaspersky Labs has reported that scammers' websites redirect users to sign-in or create an account, as and when they make an attempt to download or stream the movie.

The prompt for sign-in seeks basic information without asking for money, but when users create an account, they give away their email and set a password.

This information directly goes to the fraudsters.

Love Tech news?

Stay updated with the latest happenings.

Yes, notify Me

Some sites even sought credit card details

Some of the websites highlighted by Kaspersky team also sought credit card details, including CVV. However, most of the users returned back to search results after seeing this prompt, the security experts added.

Attack

This opens gates for attacks

This opens gates for attacks

With emails and passwords at hand, scammers get an opportunity to carry out automated credential stuffing attacks.

Essentially, they can try the stolen email-password combinations across different sites in hopes of getting hold of several email, banking, or social media accounts.

This basically puts every compromised user who uses the same email-password combination for different services at risk.

Here's what Kaspersky said about the attack

"It's a pretty safe bet that at least some of the email and password combinations collected by scammers on this website will match account credentials on other websites - online shops, gaming or streaming services, e-mail accounts, social media, you name it."

Recommendation

Downloading movies from unofficial sources isn't recommended

Now, this is just one of the many reasons why security experts don't recommend downloading content from unofficial sources.

Such sites can even download malware on your machine in the garb of an interesting new movie like Avengers: Endgame.

And, even if you're not downloading a movie, watch out for suspicious sites and don't give away your personal information on any random page.

Share this timeline

Avengers Endgame Full Movie

Avengers Endgame Movie

Avengers Endgame Movie Download

CVV

Hollywood

Kaspersky

Kaspersky Labs

Share this timeline

Ask NewsBytes
User Image

Next Timeline