Skip to Content
© Rokas Tenys |
Security & privacy

Don’t fall for these emails about a new season of ‘Squid Game’

Streaming is big as it’s ever been as more people are cutting the cord in favor of instant access to their favorite television shows and movies. You have plenty of options when it comes to streaming services, with the heavy hitters vying for your business with more content than ever.

A smart TV will come with some streaming apps built-in, and you can add more later. But not all services are available on all TVs. This is where streaming players come in. Choose one based on its features and services, then plug it into your TV’s HDMI port. Tap or click here for our comparison of some of the more popular streaming devices.

It seems you can’t escape the Netflix show “Squid Game.” It’s all over social media and the internet in general in the form of reviews, memes, comparisons, parodies and more. With such massive worldwide appeal, it should be no surprise that cybercriminals are taking advantage of it.

The “Squid Game” scheme


“Squid Game” is a South Korean survival drama in which financially troubled contestants compete for a huge cash prize in children’s games. The twist is that they are risking their lives in the competition. If you haven’t checked it out, you can find it on Netflix.

Cybersecurity firm Proofpoint discovered that cybercriminals are spreading malware using the popularity of “Squid Game.” According to a blog post, the “large cybercrime actor” TA575 is sending emails under the guise of someone who works on the show.

The crook uses various subjects in their email, including the promise of early access to watch a new season as well as casting opportunities.

Here are some of the subject lines used in the scam:

  • Squid Game is back, watch new season before anyone else. 
  • Invite for Customer to access the new sesason. [sic]
  • Squid game new season commercials casting preview 
  • Squid game scheduled season commercials talent cast schedule 

The senders tell recipients to fill out an attached document to get early access to the next season of “Squid Game.” An attached talent form includes registration for background casting.

The reality is the attachments are Excel documents with macros that download the Dridex banking trojan affiliate id “22203” from Discord URLs.

This malware drains money from bank accounts and spies on victims, and can install different forms of malware, including ransomware. We reported on the Dridex banking trojan being delivered via an Amazon gift card scam last December.

Proofpoint has been tracking the TA575 affiliate since late 2020. The group plies its crooked trade through malicious URLs, Microsoft Office attachments and password-protected files. TA575 sends thousands of emails per campaign and uses the communications platform Discord to host and distribute Dridex.

This isn’t the first time that cybercriminals used a popular entity to lure new victims. It’s not even the first time that “Squid Game” was the vehicle.


How to avoid losing the game

  • Don’t click links or download attachments from unsolicited messages.
  • Don’t enable macros for unfamiliar documents.
  • Your first line of defense is antivirus software. Keep it running and keep it updated! We recommend our sponsor, TotalAV. With TotalAV, you get the complete package: a security suite that protects your computer and smartphone from today’s threats. Get the Best Security Suite for 2021 for just $19 per year at That’s a savings of $100!

Keep reading

Stop paying for TV: 6 free apps to help you watch whatever you want

Security alert: Devices most commonly used to spy on spouses and partners [List]

Ask me your digital question!

Navigating the digital world can be intimidating and sometimes downright daunting. Let me help! Reach out today to ask your digital question. You might even be on my show!

Ask Me