Fans of Star Wars Pay More Than They Bargained For to See Latest Movie

January 29, 2020

Many fans of the iconic Star Wars movies jumped at the chance to see “The Rise of Skywalker” before it hit the big screen. What sounded like a great opportunity turned out to be a bad choice as takers found themselves on the wrong end of a phishing scam. Just before the December release of the movie in theaters, cybercriminals ratcheted up phishing attacks aimed at exploiting fans. Hackers flooded the web with opportunities to see pirated copies of the movie. Instead of seeing what they hoped, many Star Wars fans saw their devices infected with malware and their credit card information stolen. It wasn’t trickery of the Dark Side, either. Unfortunately, this scam and others just like it are very much active.

Kaspersky Labs found over 30 fraudulent social media profiles and websites promoting malicious sites that supposedly stream the movie before its release to theaters. This practice is called Black SEO, which allows criminals to pose as any number of movies or popular personalities to lure people into clicking.

This latest chapter in the epic saga gave hackers what they love: the opportunity to scam mega-fans. Bad actors use socially engineered phishing attacks to install malware and steal credit card numbers. In many cases, users were told they needed to input their credit card data to register for the movie. Kaspersky researchers found over 30 fake and infected streaming sites and no shortage of social media pages claiming to be the “official” source for advance viewing of the film. They also discovered at least 65 malware-filled files cleverly disguised as downloadable copies of the movie.

Bad actors love to exploit popular and current topics and find a way to twist them to their advantage. For them, the Star Wars saga has been a sure bet to draw fans into a web of deceit. In 2018, experts detected a 10% jump in the number of malware attacks using Star Wars movies. Hackers have also found a way to push their malicious websites and content higher in search results. The higher they are on the list, the more clicks they are likely to catch.

Security experts warn both movie and TV fans to tread carefully when watching online. Phishing smarts and a dose of common sense go a long way toward making sure a source is legitimate. Emails that promise early viewing of a movie or show should automatically be suspect; never click on links in such an email. Never download files with a .exe extension, even if they appear to be from a trusted source. Finally, research websites before taking any action. Read reviews, carefully check the website name for any misspellings, and always make sure that “https” is at the start of the URL. May the source be with you.