Skip to Content
© Starletdarlene |
Security & privacy

Avoid ‘free’ downloads of these Oscar favorites – they’re hiding malware

If you’re a movie fan, this is a huge weekend. The 92nd Academy Awards ceremony airs Sunday, Feb. 9, and tons of great films will win Oscars.

Just the mention of Oscar-nominated movies gives many of us the itch to binge-watch them all. You might be able to catch some of them on Netflix or Amazon Prime Video. Tap or click here to find out which service is better for movies.

If you can’t find what you’re looking through reputable sites, you might venture onto more shady ones. Bad idea! They could infect your devices with malware.

Phishing for Oscars

As a loyal reader, you know the criminals behind phishing attacks have one thing in common: They all try to take advantage of popular websites and trending news topics.

The more people following the latest fad, the more potential victims there are. That’s why they jump on things like Oscar-nominated movies during awards season. They know film buffs will be looking for ways to watch them.

RELATED: Convincing phishing email is spreading

With that in mind, Kaspersky researchers recently looked for malware associated with this year’s award-nominated movies. They were able to find more than 20 phishing websites and over 900 malicious files disguised as free movie downloads.

Here’s how the scheme works: Scammers set up phishing websites and Twitter accounts that promise to deliver the hottest Oscar-nominated movies of the year for free.

To access the movies, victims are asked to perform a few tasks, and they all lead to disaster.

One task is completing a survey, which asks for tons of personal details. With enough information, a cybercriminal can break into your online accounts and even steal your identity.

RELATED: Fake Microsoft email is tricking tons of victims

Other phishing sites ask for your credit or debit card information before letting you watch the movie. Of course, once you hand over your banking details, the jig is up. The crooks can drain your account before you know what happens. Oh, and another kick in the face is you won’t see the movie. It was all a scam.

Many of these sites are being promoted through fake Twitter accounts. They share links to either the phishing websites that can rip you off when you visit them or the links themselves are malicious and if you click, your device is infected with malware. It’s that easy.

Kaspersky found that “Joker” is the most popular film this year for cybercriminals. There were more than 300 malicious files found associated with the movie. “1917” came in second with more than 200 malicious files and “The Irishman” came in third, with just under 200.

Don’t get caught up in the buzz

Websites promising early access to movies that haven’t been released on Blu-ray yet, or not available on official streaming services, are usually bad news. Sometimes they are even illegal.

It’s best to stay away from them and stick with official streaming sites like Netflix or Hulu to get your movie fix. If you see posts on Twitter claiming access to free movies, don’t click the links. There’s a good chance it’s a phishing scam like we’ve detailed in this article.

Need help spotting phishing attacks? Tap or click here for things to look for.

Want to stay on top of the latest scams? Sign up for Kim’s Alerts newsletter and be the first to know when things are spreading and how to avoid them.

Stop robocalls once and for all

Robocalls are not only annoying, but they scam Americans out of millions every year. Learn Kim's tricks for stopping them for good in this handy guide.

Get the eBook