Harry Potter fans looking to get in on the magic before the official release of Harry Potter and the Deathly Hallows on November 19 – beware! Cybercriminals (aka Web Dementors) are targeting Potter fans, promising free previews, movie downloads and other Potter paraphranelia, while actually luring fans into a cursed scam!
Security software company PC Tools tipped up off to this scam, which they covered on their blog last week. Alan Lee of the PC Tools Malware Research Team wrote that, “While browsing online for related Harry Potter stuff, I came across some website claiming that you can watch the latest Harry Potter movies on their websites.” He didn’t find any actual movie content on the site, but he did see a comment on the site claiming, “Me and my wife watched this movie here…This movie is great =)” with a link.
When Lee clicked on the link he was directed to a page, which encouraged the user to click on a series of links and to complete offers and enter personal details. Does the Harry Potter fan ever get to watch his movie? No. But the scammers do get him to enter his personal information several times and complete a number of offers along the way.
So how does the scam work? Curtis Sparrer, VP of PR firm Grayling Connecting Point explained in an email:
- First, a user searched for previews and other release information for Harry Potter online
- Results claiming to offer a free download of the new movie appear
- Users are directed to complete “offers” asking them to give away personal information or download a potentially malicious toolbar that may collect personal IDs and passwords
- Here, users are asked to fill in personal details and are informed that they may also be able to win an iPad
- Once personal details are entered and the registration is activated, users are then asked to enter a survey, after which the web page remains stuck in a “checking for completion” phase
- The user never gets to watch a preview, full-length film, or even trailer for Harry Potter and the Deathly Hallows
Fans may find malicious links, such as the one in the comment pictured above, in all sorts of places from blog posts to Twitter to Digg and other social media and Web 2.0 sites. So what’s a fan to do? The best advice I can give you is to just wait until the movie comes out in theaters to watch it. It’s only a couple of weeks away and, hey!, wouldn’t you rather see it on the big screen anyway? Also, never download anything or give your personal information to any website that you don’t know and trust. You wouldn’t want scammers to get a hold of your name, email, passwords, phone number, address or other important information just because you were trying to see the Harry Potter movie a few days early.
Check out screen shots of the scam below and let us know, have you seen any suspicious links to Harry Potter and the Deathly Hallows content?