‘Judas & the Black Mesiah’ was favourite for Best Picture at the 93rd Academy Awards on Sun., but it was a favourite for cyber-criminals too (the eventual real winner last night was ‘Nomadland’).
Anticipation surrounding the upcoming 93rd Academy Awards broadcast Sun. was being used by scammers to trick people into giving up their credentials — they thought they are about to stream Oscar-nominated films, but the reality turned out to be much different!
Prior to the winners being announced during the ceremony, many film fans like to watch as many of the nominated movies as possible. Scammers know this & were ready to strike.
“In the hopes of watching an Oscar-nominated movie, users visited a site where they were shown the first few minutes of the film before being asked to register to continue watching,” a Kaspersky report issued Fri. on the scam detailed. “During the registration, to confirm their region of residence, the victim was asked to enter their bank-card details.
After some time, money was debited from the card, & as expected, the film did not continue to play.”
‘Best Picture’ Oscar
Films are also being used to spread malware. Over the past year, Kaspersky’s team of researchers identified around 80 malicious files associated with films nominated in the Oscars’ “Best Picture” category. Of those, 70% spread via links to purportedly watch one of 3 movies:
‘Judas & the Black Messiah’ (the most-abused film, accounting to 27% of the malware); ‘Promising Young Woman’ with 22%; & ‘Trial of the Chicago 7’, which was associated with 21% of the abused files.
Other Academy-Award-nominated film titles used to spread malware include ‘Nomadland’ (14%), Mank (6%), Minari (5%), The Father (3%) & Sound of Metal (3% Kaspersky found.
The analysts added that this type of attack is common, but that security concerns are waning a bit thanks to the rise of streaming services & improved security surrounding video content.
“Cyber-criminals have always tried to monetise users’ interest in various sources of entertainment, including movies,” Anton V. Ivanov, a security expert at Kaspersky observed.
“We see that big events in the film industry can boost some interest from the cyber-criminal community, but today this type of malicious activity is not as popular as it used to be.
Nowadays, more & more people are switching to streaming services, which are more secure because they do not require downloading files. Still, films serve as a popular lure to spread phishing pages & spam emails.”
Almost any worldwide headline-producing event is an opportunity for cyber-criminals to cash in. Everything from holidays like Valentine’s Day to global sporting events like the FIFA World Cup are potential lures for victims excited to get in on the frenzy.
The best protection against these types of scams is educating users not to click on these malicious links in the 1st place.
“Teaching employees how to recognise phishing emails like these is just as important as putting in place protective systems,” Heather Paunet, Senior VP at Untangle, concluded.
“As security adversaries find creative new ways to infiltrate networks, keeping employees trained and up-to-date is necessary to strengthen your network security.”