An 'Avengers: Endgame' Scam Threatens Your Passwords' Security
Avengers: Endgame, the latest blockbusting movie from Marvel's enormously successful Infinity Saga, came out on April 26. It's been on the screen for close to two weeks, but you haven't seen it yet. You desperately want to know what happens before friends or co-workers spoil it for you, but for various different reasons, going to the cinema isn't an option. You have paid the subscription for your favorite streaming platform, but the film won't be made available for another few months, and you really don't want to wait that long.
Scammers promise you a free movie
You figure out that your only option is a spot of piracy, and you try to make yourself feel better about it by reading about the humongous box office the Avengers have already made. Confident that the missed revenue from your cinema ticket won't put Marvel out of business, you fire up Google, and within seconds, you're looking at a number of links that promise you to show you Avengers: Endgame for free.
At this point, you have the option of changing your mind and waiting for the opportunity to legally see the movie. If you don't do that, you might end up falling for a rather nasty information harvesting scam which was first reported by Kaspersky on April 30.
Scammers don't deliver on their promises
You pick a link, click on it, and what looks like the opening scene of the three-hour-long movie starts. Just as you reach for the first handful of popcorn, however, a popup appears which tells you that in order to see the full film, you need to create a free account.
This is mildly annoying, but you figure out that you'll go with it. After all, the popup itself tells you that creating an account takes "2 minutes", and in exchange, you'll get to see one of the highest grossing movies of all time completely free of charge. Except you won't do that.
It's all a scam. The crooks have no intention of showing you Avengers: Endgame, not least because they don't have it. What you saw before the popup appeared was footage from the official trailer. The goal of the operation is to steal some information, and the criminals are already halfway there. They tricked you into visiting their website, and they now have your email address as well as a password which, statistically speaking, is very likely to be reused. They won't stop here, though.
After you create your supposedly free account, you are asked for your credit card details. The page assures you that no charges will be made to your card. It says that the platform is licensed to stream content in specific parts of the world, and through your payment information, it will be able to determine your geolocation.
There is no such thing as a free lunch
Most of you will probably realize that something's not quite right when they are asked for their credit card number. As we mentioned already, however, even if you click away at this point, the crooks still have a set of login credentials which can be enough to cause plenty of damage.
Security experts often talk about how dangerous pirating software can be. As you can see, however, things can be just as dangerous when it comes to illegally consuming copyright content. Instead of taking unnecessary risks, you're better off sticking to the legitimate channels, even if this means waiting for a few more months.