The setup of Phishing websites before OSCARS 2021

This article is written by Kaspersky SEA.

On April 25th, the world  experienced the long awaited 93rd Academy Awards, also known as the Oscars 2021. With all the restrictions driven by coronavirus, the organizers were looking to make the virtual ceremony as thrilling as possible. And while the ceremony travels around the globe, in the online world, fraudsters are set to take full advantage the interest by spreading malicious files disguised as the best picture nominees.

In the hope of watching an Oscar-nominated movie, users visited a site where they were shown the first few minutes of the film before being asked to register to continue watching. During the registration, to confirm their region of residence, the victim was asked to enter their bank card details. After some time, money was debited from the card, and as expected, the film did not continue to play. This type of phishing is wide spread and considered to be one of the most popular among scammers. 

Kaspersky experts have found various phishing websites offering to stream Oscar-nominated movies for free before the presentation of the awards, but these end up stealing users’ credentials. We have also analyzed malicious files behind 2021’s Oscar nominees. As a result, the company’s researchers have found around 80 files mimicking the movies up for Best Picture.

Analyzing the malware detected during the past year, Kaspersky experts found that almost 70% of malicious files are only disguised as three movies: Promising Young Woman, Judas and the Black Messiah, and the Trial of the Chicago 7. Biographical drama Judas and the Black Messiah was the most used source to spread malicious files –malware related to this film takes 26% out of the total infected files. 

“Cybercriminals have always tried to monetize users’ interest in various sources of entertainment, including movies. We see that big events in the film industry can boost some interest from the cybercriminal community, but today this type of malicious activity is not as popular as it used to be. Nowadays, more and more people are switching to streaming services, which are more secure because they do not require downloading files. Still, films serve as a popular lure to spread phishing pages and spam emails. These attacks are preventable, and users should be alert to the sites they visit,” comments Anton V. Ivanov, who is a security expert at Kaspersky

To avoid falling victim to a malicious programs and scam, Kaspersky advises users to:

1. 1. 1. Check the authenticity of websites before entering personal data and only use official webpages to watch or download movies. Double-check URL formats and company name spellings.
      2. Pay attention to the extensions of the files that you are downloading. A video file will never have an .exe or .msi extension.
      3. Use a reliable security solution, such as Kaspersky Total Security  that identify malicious attachments and blocks phishing sites.
      4. Avoid links promising early viewings of content, and if you have any doubts about the authenticity of content check it with your entertainment provider.