Cybercriminals target fans of shows on big streaming sites

By Patricia B. Mirasol, Reporter

STRANGER THINGS fans who chose to watch the mystery series’ fourth season on sites other than the official platform have fallen victims to cybercriminals, global cybersecurity firm Kaspersky found.

“Cybercriminals have always ridden on trends to bait unsuspecting victims even before the pandemic,” said Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky, in a July 26 e-mail. The pandemic has accelerated on-demand content — providing cybercriminals the opportunity to take advantage of fans’ eagerness to watch their favorite shows, Mr. Yeo added.

Netflix was the most popular streaming service used as a lure by cybercriminals, a 2021 report by Kaspersky found. Nine-tenths (or 89%) of the cybersecurity firm’s users faced malware (malicious software intended to compromise systems) or unwanted software while searching for Netflix and related content.

Other Netflix shows exploited by cybercriminals include The Mandalorian and Money Heist. The two accounted for 28.72% and 28.41% of infection attempts, respectively, between Jan. 1, 2020 and June 30, 2021.

Fans of Squid Game and Spider-Man: No Way Home were likewise the target of fraud schemes that included Trojans (malware disguised as legitimate software), adware (advertisement-supported software), and phishing (a cybercrime where scammers lure victims by posing as a trusted organization).

In the case of Stranger Things’ fourth season in 2022, Kaspersky researchers found examples of spam e-mails and phishing pages designed to steal the show’s fans’ money and personal information.

In one scheme, cybercriminals offered users the ability “to watch the new episodes for only $1 (P56).” Users were asked to register a new account and enter their address and bank details to access the offer. After entering the necessary information, fraudsters then drained the victims’ wallets without giving the purchased access to the series.

In another scheme, the researchers detected spam e-mails used to sell products of dubious quality, which were spread through promotional e-mails sans the recipient’s consent. In one of these e-mails, users were given the opportunity to buy limited-edition Stranger Things shirts through a domain that was only recently created.

“Fans need to be careful as trying to save money on a streaming service subscription can lead to them losing much more than they could ever save,” Olga Svistunova, security expert at Kaspersky, said in a July 25 press release.

“Consumers of [illegally obtained] entertainment should be aware that these types of websites are a cybercriminal’s playground where they disguise their malicious files as useful stuff,” added Mr. Yeo.

To avoid falling victim to scams, Kaspersky recommends the following:

  Avoid links promising early viewings of films or TV series.

  Check the authenticity of the website before entering personal data, and only use official, trusted web pages to watch or download movies.

  Pay attention to the extensions of the files you download: a video file will never have a .exe or .msi extension.

  Use reliable security solutions such as Kaspersky Security Cloud and Kaspersky Total Security.

Falling prey to threat actors causes user data to be compromised, Kaspersky said. Your bank details shared on the dark web are like an open Pandora’s box, Mr. Yeo reminded.

“Not only can you lose your hard-earned money, your identity can be compromised,” Mr. Yeo told BusinessWorld. “Also, those linked to you such as your family members and affiliates [can also become] vulnerable to any unimaginable attack.”