- Illegal streaming sites often end up stealing user data.
- Wonka is the latest film that is scamming victims.
- Victims give away personal details when clicking on the phishing link of Wonka.
Whenever a new film, series, music video, or live event is released, there will always be those who try to get them for free. Illegal streaming sites used to be among the most visited sites for such content. But law enforcement agencies have been actively shutting them down, with such sites almost impossible to find today.
In the past, one could just Google search for such content and there would be an endless list of illegal streaming sites. While some were “legitimate” illegal streaming sites, most of them were also phishing sites, often requesting users to share their personal details to get access to content that is not even on the site.
In the US, the FBI has been actively shutting down illegal streaming sites. In 2019, the FBI took down two computer programmers in Las Vegas responsible for working on two illegal streaming sites called iStreamItAll and Jetflicks. iStreamItAll features over 118,000 TV episodes and almost 11,000 movies, more content than what Netflix, Hulu, or Amazon Prime have to offer. Both iStreamItAll and Jetflicks have thousands of paid subscribers and is available on several platforms.
In 2021, when Netflix’s Squid Game was released, several sites leveraged the show’s popularity to launch phishing attacks. According to a report by Kaspersky, a Squid Game-themed mobile malware called Joker Trojan was being distributed through third-party app stores. The malware is disguised as apps, games and books.
When Joker Trojan was discovered, there were more than 200 apps dedicated to the series on Google Play, and many of them borrowed features from each other. Unsurprisingly, when scanning such programs, the store moderators let a malicious “upgrade” sneak past. Small injections of malicious code are hard to detect during moderation, which is something cybercriminals constantly try to exploit.
From Squid Game to Wonka
Kaspersky also reported that cybercriminals are now taking advantage of the new film Wonka to launch more phishing attacks. Wonka, which is based on Roald Dahl’s Charlie and the Chocolate Factory books, is known for its “golden ticket,” which lucky young children need to find to win a visit to the fantastic Wonka chocolate factory.
Cybercriminals have ingeniously come up with a plan to use the “golden ticket” motif as a way to trick victims into downloading phishing content. In fact, Kaspersky’s experts have uncovered cybercriminals using the popularity and buzz around the film ahead of its release in cinemas this season to distribute online phishing scams. Preying on unsuspecting movie buffs, the phishing scams get Wonka fans to hand over their sensitive personal data and money.
Offering free streaming of the film ahead of its worldwide general release, scammers are using the survey site “SurveyMonkey” to lure fans of the mystical chocolatier with an offer to watch Wonka. A few moments after clicking on a link to a fake site, rather than seeing a world of pure imagination and a film that has not yet been released, users are greeted with what appears to be a harmless request to register to watch the full film.
The site directs unsuspecting fans to a pop-up screen, supposedly to create an account, asking for a bank card and personal identification number, as well as details like name, address, phone number, and other sensitive data. This is a red flag that enables the unauthorized creation of difficult-to-cancel debits from the users’ accounts.
In addition to the financial risks of sending their money and private data directly to fraudsters, unsuspecting Wonka fans also face the prospect of their stolen information potentially being sold on the dark web.
“Like the bad guys in Wonka, sinister scammers have wasted no time in exploiting people’s passion for Willy Wonka’s fairytale, magical world for their own sinister motives. To ensure this make-believe world stays just that, it’s important that people remain alert, follow basic online safety rules and don’t overlook risks. We’re urging chocolate film fans to practice safe online habits so they can enjoy Wonka and other movie premiers while protecting themselves and their privacy from cybercriminals,” commented Egor Bubnov, senior web content analyst at Kaspersky.
Illegal streaming sites: do not click the link
To stay safe while enjoying the excitement surrounding movie premieres, Kaspersky experts recommend users to:
- Be cautious of phishing scams: beware of suspicious emails, messages, or websites offering exclusive deals or freebies. Double-check the authenticity of the source before sharing any personal information or making online transactions.
- Verify website security: when purchasing merchandise or accessing related content online, ensure that the website has a secure connection. Look for “https://” in the URL and a padlock symbol in the address bar to indicate a secure website.
- Use security solutions: use a reliable security solution, such as Kaspersky Premium, that identifies malicious attachments and blocks phishing sites.
- Be mindful of sharing personal information: be careful when providing personal information online, especially sensitive details like your address, phone number, or financial information. Only share this type of information on trusted and secure platforms.
- Trust reliable sources: rely on official websites, authorized retailers, and reputable sources for purchasing merchandise, accessing movie content, or obtaining information related to the premiere. Avoid unofficial or suspicious sources that may try to exploit your enthusiasm.
Illegal streaming sites will continue to be in demand. But users need to realize that accessing such sites to save some money could end up costing them a lot more if their credentials and personal information ends up being used for the wrong reasons.