Spider-Man Fans, Watch Out! You Might Become the Next Victim in a New Phishing Campaign
Threat Actors Are Trying to Steal Their Banking Info via Phishing Links Based on the Newest Marvel Movie.
The superhero movie Spider-Man: No Way Home finally came out on Friday, December 17, and has already become the third biggest global debut weekend of all time, with Marvel fans going crazy over the premiere.
As we already know, malicious actors are also excited about these types of events as they are perfect for all sorts of attacks.
Speaking of this, researchers at cybersecurity company Kaspersky warned that the release of the newest Spider-Man movie is being used by fraudsters to deliver malware and steal financial information.
Cybercriminals were noticed attempting to take advantage of the hype around the new Marvel movie, according to the researchers, with increased activity seen before its premiere.
The Spider-Man: No Way Home Scam
As per the report from Kaspersky, multiple phishing websites claiming to show the movie online have appeared before the grand debut.
To watch the movie, users had to register and provide their credit card details on these sites, which resulted in money being stolen and payment data being collected by the scammers. As expected, the victims were unable to see the film online.
Besides deceiving users into divulging credit card information, hackers are attempting to lure Spider-Man fans into downloading malicious files under the guise of downloading the film. These files contain downloaders that can install other malicious programs, adware, and Trojans.
According to the researchers, malicious actors are leveraging the increasing popularity of fan theories and art focused on the Spider-Man movie series to create interest in their fraudulent websites. For example, news that Tobey Maguire and Andrew Garfield will reprise their roles as Peter Parker was leaked, prompting fans to come up with their own theories.
To increase the interest of the phishing pages and attract fans, the fraudsters do not use official movie posters but artistic images that include all of Spider-Man’s actors.
Security expert at Kaspersky Tatyana Shcherbakova stated:
Fans’ expectations are through the roof right now, arguably higher than for any film. Everyone who has ever been a fan of Spider-Man has their own theories about the films, which can be exploited by cyber-criminals.
Forgetting about cybersecurity, the audience is in a hurry to find out the secrets of the premiere movie, and fraudsters are using fan arts and trailer cuttings as bait to make victims download malicious files and enter banking details. We encourage users to be alert to the pages they visit and not download files from unverified sites.
What Can You Do to Avoid Becoming a Victim?
Cybersecurity researchers advise users to:
- avoid clicking on links that promise movies or TV shows trailers;
- consult the entertainment service provider;
- verify the authenticity of the website before giving away your private information;
- always use official and trusted sites to watch or download movies.