Free, more often than not, comes with strings. When it comes to movies and TV shows, treat “free” with a good deal of skepticism, according to new research from Kaspersky. 

SEE: Top 5 programming languages for security admins to learn (free PDF) (TechRepublic)

It’s been a year since most people have been able to share a movie-going experience with an audience. But what’s been devastating to the theater industry has been an unquestionable boon to streaming services. When the pandemic forced people indoors, they made good use of their subscription services. 

Even if you have one or all of “the big three” Netflix, Hulu and Amazon Prime, you still won’t be able to watch “Wandavision,” “The Servant” or “The Mandalorian.” What if you’re compelled to see those shows and can’t justify subscribing to  the channel (i.e. Disney Plus, Apple TV)? 

It might cheer you to see, with minimal research, that the shows are available to download for free. Unfortunately, you’ll be sorely disappointed when you realize you’ve fallen victim to cybercrime. 

The Golden Globes, doled out by the Foreign Press Association, aired Sunday, and these awards marked the whirlwind start of the entertainment industry’s awards season. Unfortunately, it’s also a signal for bad actors to do what they do best: Take advantage of others. Using phishing pages, spam letters, cloned urls and more, these cybercriminals are hard at work finding ways to monetize viewers’ interests. Offering a movie without cost or subscription is a way to steal viewer credentials, i.e. “For free access, please register.”

SEE: Return to work: What the new normal will look like post-pandemic (free PDF) (TechRepublic

In early January, Kaspersky analysts reviewed malicious files behind the most searched, most popular movies and TV shows and found that users were subjected to infection attempts using files with various threats disguised as a no-cost way to get their media fuel running.

Kaspersky reports finding phishing websites specifically designed to steal viewers’ credentials. Some sites claim that to access the “free” shows, viewers must provide bank card details to confirm “that the user is located in the exact region where the web resource is licensed to distribute content.” Other sites redirect to third-party resources. In either scenario, the viewer is duped into giving up financial info, and their data is leaked and credentials are stolen.

The report found three shows that were the most popular bait among cybercriminals. Topping the list is the latest season of “The Mandalorian,” story from the “Star Wars” universe. Kaspersky found that “The Mandalorian” was the most popular bait among cybercriminals, “accounting for 68% of attempts.” 

In second place is the limited series that renewed the interest in chess to many, Netflix’s “The Queen’s Gambit,” baited 11% of infected users. Rounding out the top three at 6% was “Ozark.” 

In February, Hulu’s “Palm Springs,” starring Andy Samberg and Cristin Milioti, moved into third place at 14%, moving “Ozark” to fourth and “The Crown” to fifth. 

Kaspersky tips to avoid being scammed

Check the authenticity of websites before entering personal data, and use only official web pages to watch films, series and shows.

• Double-check URL formats and company name spellings.
• Pay attention to the extensions of the files you are downloading.
• A video file will never have an .exe or .msi extension.
• Use a reliable security solution that identifies malicious attachments and blocks phishing sites.
• Avoid links promising early viewings of content, and if you have any doubt about the authenticity of content, check it with your entertainment provider.

While you may be able to easily sneak into another movie at the cineplex undetected, it’s not worth the effort it takes to clear fraudulent charges just to avoid paying $19.99 for a streamed film. If you really want to see a movie you don’t have free access to, hand over the rental fee: It will end up costing less to watch, and represent the pricelessness of a moral compass. 

Cybersecurity Insider Newsletter

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays

Sign up today

Also see