The final chapter in the incredibly popular Star Wars franchise is finally out, and hackers are using it to their advantage.
Researchers at Kaspersky found over 30 new phishing websites claiming to stream the official movie in the run up to the release of Star Wars: The Rise of Skywalker on December 19th. All of these sites came loaded with various forms of malware, none provided the actual movie. So far 65 different malicious files have been identified, all disguised as the new film.
Phishing website offering downloads of the new Star Wars movie
To add authenticity to the phishing sites, hackers also set up social media pages and twitter accounts, further enticing fans to click the malicious links.
Fake Twitter account with links back to malicious sites
This is a classic example of social engineers using a large and willing audience to further their phishing campaigns. As the numbers from Kaspersky’s studies show, Star Wars is a particularly common attack theme:
“It is typical for fraudsters and cybercriminals to try to capitalize on popular topics, and ‘Star Wars’ is a good example of such a theme this month. As attackers manage to push malicious websites and content up in the search results, fans need to remain cautious at all times. We advise users to not fall for such scams and instead enjoy the end of the saga on the big screen.”Tatiana Sidorina – Security Researcher, Kaspersky Lab
The lesson here is very similar to that of email-borne phishing campaigns often employed by hackers; If it seems to good to be true, don’t click.
Educating users on how to spot fake sites is imperative to your business in 2020 as hackers use new and ever more ingenious methods to coerce victims into falling for their campaigns.
At Phishing Tackle, we encourage all our readers to learn more about their users susceptibility to falling for a phishing attack, we even went as far as to create a free test which reveals exactly that! Check out our Free Click-Prone® Test and learn how you can reduce your attack surface today.