The scam is similar to others that promise users free content and begins with eager fans who are promised either a download or a full viewing of the film. Streaming begins without incident but then users are prompted to create an account to continue watching, according to a Kaspersky Lab blog post.
Users are first told that it is free and that they only need to enter an email address and password, but they are then prompted to enter billing information that "will NOT BE CHARGED."
This is, of course, false: those who fall for the scam find that they have just given away their email address, a password that may have been recycled and can be used elsewhere, and their credit card information.
"Social engineering methods are aimed at exploiting people’s emotions," Tatyana Sidorina, security researcher at Kaspersky Lab, told SC Media. "An influential and much-loved franchise with an enormous global fan base seems like the perfect target. The temptation to take a few security shortcuts in order to be able to watch a long-awaited movie and not have to worry about spoilers or sold-out tickets can prove irresistible to loyal fans; that is what the attackers prey on."
Researchers recommend that users beware of posts like this and always check for basic identifiers of a potential phish, such as ‘https’ in the web address. In addition, users who must enter financial information should use a separate bank card with a limited amount of money available, to limit potential losses.
This article was originally published on SC Media US.