There’s always a delay between a movie’s release and its availability on streaming services. Digital releases can take months — and the better the movie performs in theaters, the longer the delay, because studios make much more money in theaters than in living rooms.
Nevertheless, a lot of people start searching for new blockbusters online as soon as the movies are out, or even beforehand. Legitimate video services can’t provide — no surprise there. But scammers can. Or rather, they can try to convince you that they will provide. The most recent example is a scamming scheme related to the newly released and tremendously popular Avengers: Endgame.
1-It begins with a simple search. The results include a website that promises the user either a download or a full viewing of Avengers: Endgame online.
2-Streaming actually begins without incident. But soon after it starts, a message pops up to demand the user create an account.
3-Signing up for the account is free — except that the user has to provide an e-mail address and create a password.
4-However, after clicking Continue, the user finds out that isn’t enough. The account has to be validated. That requires the user’s billing information and credit card details including the CVC code printed on the back of the card.
The website promises the information will be used only to make sure that the user is from a country where the website is “licensed to distribute” the content. The user won’t be charged, it says.
Of course, there is no movie. The few seconds of genuine content that scammers streamed was just part of the movie trailer. And the information the user provided ends up in scammers’ hands.
Why creating an account on such websites is dangerous
Most visitors would simply leave the site after being asked for their credit card details. However, the scammers have already won by getting an e-mail address and a password.
People tend to use the same password for many accounts. Almost everybody does. Therefore it’s a pretty safe bet that at least some of the e-mail and password combinations collected by scammers on this website will match account credentials on other websites — online shops, gaming or streaming services, e-mail accounts, social media, you name it.
And those accounts are valuable for online scammers. They can be used for stealing money or digital valuables, for laundering stolen funds and items, or at the very least for spamming.
How to stay protected from this type of online scam
- Always question what you find online. Search engines are doing a good job keeping their search results clean, but they simply can’t sort out everything.
- Don’t enter any information — especially credit card details — on a website you have no reason to trust.
- Stop reusing passwords. Use a password manager instead.
- Use reliable antivirus software with protection from online scams and phishing.
Kaspersky Lab has found that cybercriminals have created at least a dozen websites offering fans the opportunity to watch the new Avengers blockbuster for free online, which allows the scammers to steal credit card details.