Various Game of Thrones online stream offers are using phishing techniques to dupe users' financial information
As the hyper-popular TV series Game of Thrones came to an end, millions rushed to watch the finale of the epic fantasy saga. The series is officially shown on American premium TV network HBO, and a standalone package costs $15 a month to watch.
While most opted to view it on HBO, millions of others did not want to pay for premium service or could not afford it and chose to download/stream the series online. Unfortunately, scammers are always around to exploit a popular name in the pop culture, as we saw happened with many grand titles from various industries.
The season 8 broke viewing records despite the relatively high pricing of HBO service, triggering a surge of posts on social media and potentially encouraging users who do not want to pay to join the ranks as well.
As reported by Kaspersky security researchers, multiple scam sites exist that claim to provide a stream of full Game of Throne episodes for free:
As soon as season 8 premiered, hordes of people began looking for it online. No legitimate options existed — if you want to view the program legitimately, it’ll cost you legitimate money. But scammers seem to offer an attractive alternative. The key word there is seem.
The fraud does not only makes users disclose their financial information to cybercrooks but does not provide the promised GOT episodes either.
The elaborate scam scheme might trick millions of users
Users might encounter the scam website anywhere on the internet – especially when they themselves are looking for something illegal. In short, it is easy to find something you are looking for on the internet, although there is never a guarantee of how secure the content is.
One of such sites that were analyzed by Kaspersky security team promised a stream of the episode Game of Thrones: Winterfell for free.
Once users press on the Play button, they can see a couple of seconds of the episode, but then the stream stops due to an annoying pop-up: “Login Required.” At this point, many users might not suspect anything fishy, as many sites ask for a registration. Most certainly, it is for free, so why not?
Users are then asked to enter email and a password for the alleged new account. After entering the required details and pressing continue, site visitors see that it was not enough, and now they are requested to enter their credit card information, including CVC code, in order to “validate the account:”
Because we are only licensed to distribute our content to certain countries, we ask that you verify your mailing address by providing us with a valid credit card number. We GUARANTEE that NO CHARGES will be applied for validating your account. <…>
Because the site GUARANTEES (note the caps) that nothing will happen, it must be safe. Besides, the reasoning sounds quite reasonable. Unfortunately, after proceeding, victims will soon realize that they have been scammed, as the few seconds of the show was merely a preview for the episode.
Besides, even creating an account which does not require users to enter their credit card details might be dangerous, as many tend to use the same password for multiple sites. The acquired data might be later used for credential stuffing technique, allowing cybercriminals to breach other user accounts.
Do not be a victim of Game of Thrones scam
Kaspersky experts noted that cyber attacks detected by the AV engines worldwide and related to the show increased drastically after the Season 8 premiere. Therefore, those who still did not see the series and are planning to watch it illegally should be alert about their online safety.
Researchers advise users not to be so easily tricked by various Game of Thrones streaming or download sites. First of all, you should employ reputable security software that would stop malicious web injects and ads from installing malware automatically on high-risk sites.
Generally, you should not trust any website that offers you illegitimate content for free – there is a good chance that it is simply a scam. Thus, never enter your financial information or other personal details on such domains. Additionally, never reuse the same password for multiple sites – it is very easy to steal the data, as proves several major leaks such as Collection #1.