Beware Thrones phishing scams

Beware Thrones phishing scams

Global TV sensation spawns scores of dodgy websites.

Among the phishing sites based on Game of Thrones is one masquerading as an official online store.
Among the phishing sites based on Game of Thrones is one masquerading as an official online store.

The final season of Game of Thrones is captivating TV viewers worldwide, but it has also given rise to phishing scams and other online misbehaviour through unlicensed, malicious or fraudulent sites.

Researchers with the cybersecurity vendor Check Point Software have found 42 such unlicensed, malicious or fraudulent sites bent on taking advantage of unsuspecting Game of Thrones fans.

For example, one such site uses the official branding of the show to promote what appears to be a legitimate competition for fans to win a special gift pack of GoT merchandise.

There is, however, no such prize and the site instead collects as many email and mobile phone details as possible that could possibly be used in future spamming campaigns.

Another site aims to dishonestly collect credit card details of users by posing as an official Game of Thrones merchandise store.

While many people may claim to be able to tell the difference between a real site and a fake site, the use of well recognised and trusted brands, like Game of Thrones, is the preferred method for suggesting to the user that the impersonated email or website is trustworthy.

Understanding the threat: The websites observed using the Game of Thrones brand can be split into two main categories: legitimate and fraudulent.

While both categories use the popularity of the brand to lure users in, their motivations are different.

The legitimate websites include fan pages, online games or small shopping sites, looking for potential customers or new community members.

The fraudulent websites, on the other hand, exploit the popularity of the brand to display ads, acquire personal information or convince the user to install an unwanted program.

These fraudulent websites mostly include sites requesting personal information for marketing opportunities, and fake streaming sites, requesting the user to download a browser add-on and provide personal information, while no streaming content is displayed at the end of the process.

How to avoid being a victim: There are ways to prevent being the next victim of a phishing attack. These include:

Think before you click.

Clicking on links on trusted sites should be totally fine. Links that appear in random emails and instant messages, however, often do not end well.

Hovering over links that you are unsure of before clicking on them will tell you if they lead to where you are expecting.

Make sure a site's URL begins with "https" and there is a closed lock icon near the address bar.

Check the site's domain name is the site you are expecting to visit and trust.

If it is not then you could be about to become the next victim of a phishing scam.

Make sure you have an advanced threat prevention solution.


Oren Koren and Hadar Waldman are analysts with Check Point Software.


Do you like the content of this article?
COMMENT

Family of Myanmar insurgency leader detained in Thailand

Thai authorities confirm that they have detained the wife and children of a top commander of the Arakan Army, an insurgent group who are fighting for greater autonomy in Rakhine state in northwestern Myanmar.

15:08

Stranded tourists, boat driver rescued in Phangnga

PHANGNGA: Two Romanian tourists and a boat driver who were left stranded on Koh Raya Ring after strong wind and waves hit their boat on Friday have been rescued safely.

14:54

Saudi trainee kills 3 in Florida base shooting

PENSACOLA, Florida: A member of the Saudi air force armed with a handgun fatally shot three people and injured eight others on Friday morning during a bloody rampage in a classroom building at the prestigious Naval Air Station in Pensacola, where he was training to become a pilot.

13:37