The first big TV event of the 2021 awards season finally started this past Sunday with the 78th annual Golden Globes. However, TV shows and films are not only sources of entertainment but also an attractive lure for cybercriminals to spread threats, phishing pages and spam letters. As a result, in the lead up to such an important industry event, it has become a source of interest for cinephiles, film buffs, scammers and fraudsters alike.
Photo by cottonbro from
PexelsTo get a clearer picture of how cybercriminals try to monetise viewers’ interests, Kaspersky experts have analysed malicious files behind nominated films as well as movie-related phishing websites designed to steal users’ credentials.
The Best Picture nominees studied:
| Borat Subsequent Moviefilm |
| Emily in Paris |
| Ozark |
| Palm Springs |
| Ratched |
| The Crown |
| The Mandalorian |
| The Queen's Gambit |
| The Trial of the Chicago 7 |
| Unorthodox |
During the first three weeks of January, Kaspersky experts observed that 275 users were subjected to infection attempts using files with various threats disguised as best picture nominees. Kaspersky researchers found that The Mandalorian was the most popular bait among cybercriminals, accounting for 68% of the infections. Netflix’s hit series The Queen’s Gambit was second in this rating with 11% of infected users and Ozark completed the top three with 6% of users.
Image supplied
By 21 February, Kaspersky researchers had discovered that the number of users targeted with malware associated with nominated films and series’ had decreased by almost three times compared to the previous month. The Mandalorian remained the most targeted feature, while The Queen’s Gambit remained in second place. However, there were changes in the percentages of targeted users – 33% and 19% respectively. This means that for the same period in February the number of infections guised by The Mandalorian decreased by six times. At the same time, while Ozark viewers were safer, cybercriminals’ interest in Palm Springs increased and the number of infections increased by three.
Image supplied
Kaspersky experts also found a number of phishing websites designed to steal viewers’ credentials. Some of them offer to enter bank card details to confirm that the user is located in the exact region where the web resource is licensed to distribute content. Others just redirect to third party resources. In either scenario, the user is deceived with their data leaked and credentials stolen.
Image supplied
“Films and TV series’ have always been popular baits to spread threats and perform phishing campaigns. However, today we see that cybercriminals have shifted their attention from the film industry. Instead, we discover some interest from threat actors around the most popular shows at that moment, like The Mandalorian. It appears that this great show attracts not only viewers around the world but also cybercriminal interest,” comments Kaspersky security expert Anton V. Ivanov.
In order to avoid falling victim to a scam, Kaspersky advises users to:
- Check the authenticity of websites before entering personal data and use only official webpages to watch films, series’ and shows. Double-check URL formats and company name spellings.
- Pay attention to the extensions of the files that you are downloading. A video file will never have an .exe or .msi extension.
- Use a reliable security solution that identifies malicious attachments and blocks phishing sites.
- Avoid links promising early viewings of content, and if you have any doubt about the authenticity of content check it with your entertainment provider.
