Scam of the Week – Avengers Endgame Phishing Scam Targets Fans

Avengers Endgame has become a box office sensation, grossing more than a billion dollars in its opening week. Unsurprisingly, cybercriminals have been quick to exploit the movie’s popularity by tricking fans with offers of free digital downloads of the movie.

Unfortunately, as with every major movie release, there will always be a proportion of fans who head to one of the many illegal streaming or download sites to see if they can watch the movie online. This provides the fraudsters with the perfect bait to launch their phishing scam.

According to security researchers at Kaspersky, the scam begins with a simple search online. The results include a website that promises the user either a free download or full viewing of the movie online.

As soon as the user clicks on the icon, the streaming appears to start without any problem. However, within minutes, a message pops up asking the user to create an account before they can watch any more of the movie.

The free account prompts the user to enter a username and password, swiftly followed by a request for credit card details to validate the account. The website promises that the information is only used to ‘verify location’ to ensure the service can be accessed in the victim’s country.

At this final stage of the scam, many users may become suspicious and choose not to enter their credit card details, but often it’s too late: they have already handed over a username and password, and the damage is done.

With 83% of us using the same password for multiple accounts, the crooks know that there’s a high probability they can use the same username and password combination to gain access to other user accounts. They can then use this information to commit identity fraud or sell it on and make a profit.

Of course, there is no movie and the brief footage the user watched at the start of the scam was from the movie’s trailer.

These scams have become increasingly common, as we’ve seen in recent weeks with the massive spike in ‘Game of Thrones’ phishing scams. Cybercriminals are quick to jump on any global trends or news stories and use them as a cover for their devious scams.

How to avoid being scammed online

  • Users should be particularly vigilant: if something seems too good to be true, it usually is!
  • Install the latest anti-virus software solutions on all devices.
  • Ensure that all applications and operating systems are up to date.
  • Never click on links or download attachments from unknown sources.
  • Always verify the security of a website: check that the site has been secured using HTTPS, check for a website privacy policy, use a website safety check tool such as Google Safe Browsing, and do a WHOIS lookup to see who owns the website.
  • Consider the use of a password manager to maintain the security of multiple accounts.

Phishing accounts for around 95% of all successful cyber-attacks worldwide and poses a serious risk to the security of organisations. MetaPhish has been created to provide a powerful defence against these threats and enables organisations to find out just how susceptible their company is to attack. If you would like to find out more about how MetaPhish can be used to protect your business, then contact us for further information.
