Like the Imperials baiting the Rebels into a trap, scammers are advertising fake film download sites ready to ensnare victims hoping to get Star Wars out of the cinemas.
No doubt the biggest movie of the year, Star Wars: Rise of the Skywalker has arrived, and with it, people making their way to the cinema to see the last in the long-running trilogy.
It’s been a story that has been going since 1977, and so a good 42 years later (and that is a pretty great number), we have an ending to the saga that was largely all about Luke Skywalker.
But while we have an ending, for scammers, it’s just another entry in their long-running ploy to get more details, another title that just racks up yet more reasons to be frustrated with the cyber criminal world.
This one doesn’t start in a galaxy far, far away, but rather our own one, and on the Internet for folks hoping to find a release of the film online. Whether those intentions are to find an illegal copy of the new Star Wars film, or even one that for some reason would ever be considered “legal”, the end result is a stream of websites hoping to bait users, capture details, and provide malware and potentially financial loss, instead.
It’s something Kaspersky Labs has picked up on at the end of the year, as its researchers have found over 30 fake websites and social media profiles purporting to be official offering free copies of the new Star Wars film, yet looking to capture credit card data in the process and potentially infect computers. Even though the researchers picked up on 30, Kaspersky suggests the number is likely much higher, and has highlighted at least 83 users that have been affected by the fake film scam attacks thus far.
These attacks aren’t so different from the phishing attacks scammers use with banks, and basically play on the familiar.
Whereas scammers have set up websites to look just like banks to trick you into entering your data, as well as doing much the same with fake retailers, a fake movie download is also fairly consistent in the industry and commonly found in search engines when you type in the name of a film followed by “watch free”. These sites aren’t like Netflix or Stan in that they offer films for viewing, and instead ask for your data in exchange or force you to jump through hoops, none of which will ever get you to the file, and just act as another step in their campaign for your lucrative identification or financial information.
For Star Wars, it’s a problem that’s affecting primarily websites, meaning searching for “Star Wars” and “watch free” is probably going to see you shout “it’s a trap” before rearing your Corellian Corvette the other direction. Social media is also being used to get the message out, though Kaspersky told Pickr that while Twitter is doing its job on deleting the messages, it might be possible to see those scam advertisements pop up.
“For this specific film we only found websites and webpages that promise downloads of the movie,” said Tatiana Shcherbakova, Security Analyst for Kaspersky.
“As far as we know, Twitter is doing a great job on content filtering, however, it is also known that sometimes cyber criminals manage to surpass filters for a short period of time,” she said.
The phishing attempts for Star Wars aren’t the only scams going on, either, with the company showing more Star Wars-themed malware out this year, up around 10 percent, with over 285,000 malware attacks themed around the franchise.
Scammers and criminals often use the familiar as a way of trying to plant attacks, and while malware attacks are often different from the phishing scams, they may also be for the same thing. For instance, if you’re asked to download an .exe file to get a free copy of Star Wars: Rise of the Skywalker, it’s a scam. Movie files are not executable files, not are they .bat or .dmg, the “batch” or “disk image” files that can be used to install things on computers.
And it might be wise to realise that a new film won’t have an official release online, particularly one that is still in the cinemas. Instead, you might want to wait a few months later until you can expect to watch it on your computer, when iTunes or another stream service is expected to get it for real. Alternatively, just head to the cinemas and watch the film like everyone else, and mitigate the risk of being infected by a “free movie” scam altogether.