Fraudulent Star Wars websites stealing fans' data
Star Wars fans beware! Over 30 fake websites and social media profiles disguised as the official movie accounts have been collecting users' date. Cybersecurity researchers on Sunday said they discovered these sites that claimed to be official accounts of 'Star Wars: The Rise of Skywalker' and claimed they are distributing free copies of the latest film while collecting users' data.
Popular cyber security firm Kaspersky detected 285,103 attempts to infect 37,772 users seeking to watch movies of the popular space-opera series, signifying a 10 per cent rise compared to last year. The actual number of these fraudulent websites may be much higher which are collecting unwary users' credit card data, under the pretense of necessary registration on the portal."
As attackers manage to push malicious websites and content up in the search results, fans need to remain cautious at all times. We advise users to not fall for such scams and instead enjoy the end of the saga on the big screen," said Tatiana Sidorina, security researcher at Kaspersky.
Popular films are often used by cybercriminals as bait to distribute malware, and the latest movie is no exception. To further support the promotion of fraudulent websites, cybercriminals have also set up Twitter and other social media accounts, where they distribute links to the content.
"Coupled with malicious files shared on torrents, this brings the criminals results. So far, 83 users have already been affected by 65 malicious files disguised as copies of the upcoming movie," said security researchers. Look at the downloaded file extension.
Even if you are going to download a video file from a source you consider trusted and legitimate, the file should have an .avi, .mkv or .mp4 extension among other video formats, definitely not .exe," the Kaspersky team cautioned. Check the website's authenticity. "Confirm that the website is genuine, by double-checking the format of the URL or the spelling of the company name, reading reviews about it and checking the domains' registation data before starting downloads," said the cyber security firm.
*Edited from an IANS report