Watch Out for Game of Thrones Phishing Scams As The Final Season Arrives (Apr 22, 2019)
Check Point researchers have identified a phishing campaign themed after the HBO series “Game of Thrones,” with the campaign’s objective being the theft of user data. The emails attempt to direct recipients to Game of Thrones websites that purport to be fan pages, gaming sites, and online shopping stores. Some of the websites are designed to steal user data such as email addresses and phone numbers to be used in additional spam campaigns. The other types of websites, such as the online stores, are designed to steal a user’s credit or debit card information.
Recommendation: Utilizing popular media can be an effective tactic for threat actors because it may be easier to trick users if presented with a form of media they enjoy. Users should always default to going to official websites for content because actors will attempt to direct traffic to malicious websites that appear legitimate. Utilizing the content owner’s website, in this case HBO, to discern authentic details. Educate your employees on the risks that phishing and scam emails can pose not only to your organization, if malware is being distributed, but also to your individual employees so they can protect their data.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.