By Mathieu Mondino, Presales Manager at OpenText Cybersecurity
Winter is a season particularly conducive to sofa evenings to “binge watch” all the series of yesterday and today; streaming sites like Netflix and Disney Plus are expected to see record crowds. However, the rising subscription fees of these platforms are causing frustrated consumers to turn to illegal streaming sites which are an ideal entry point for cybercriminals.
Unlike official streaming platforms that generate revenue through or user subscriptions, illegal streaming sites have to find other ways to make money, even if that means “giving” cybercriminals the access to individuals’ information. Unsurprisingly, these sites open a door for criminals to access bank accounts, commit fraud and install malware. Although antiviruses are effective, sometimes malware prevails. The Ligue 1 season available only on a paid platform as well as the host of new shows and new films should be fertile ground for the attacks to come.
The threats are proven
A recent study reveals how exposed consumers are to fraud, dangerous scams and explicit content on illegal sports streaming sites. Analysis of 50 popular “open access” sites during several major sporting events revealed that every site offered malicious content, while more than 40% of sites lacked the necessary security certificate.
The most common threats on illegal streaming sites:
- Banking Trojans are a type of malware hidden under legitimate-looking software designed to hijack users’ bank accounts. This type of malware acts extremely quickly and deceives the vigilance of the antiviruses present on the machine.
- Phishing web pages are the most common threats. Disguised as legitimate websites, these pages are designed to trick users into providing their credentials. These scams provide the ability to view premium content on the condition of logging into their email or other important account which would later be used for identity theft.
- Cryptocurrency scams are hidden through increasingly popular malware that targets cryptocurrency apps on phones. Cryptocurrency scams usually come in the form of pop-ups or redirects that show users fake stories of famous personalities to ultimately lure them into sophisticated financial schemes. These scams can look very real and sometimes even mimic popular media publishing sites to trick victims into sharing their bank details.
How to stay safe
Cybercriminals have no shortage of tricks, but there are red flags to keep users on their toes.
For example, most illegal sites work in HTTP and not in HTTPS. While the difference of a single letter may seem small, the “S” is crucial because it indicates that the page is encrypted. An HTTPS site is not a guarantee that a website is completely secure. However, its absence should always serve as a red flag for not using it.
Illegal streaming sites are also flooded with pop-ups and redirects to grab users’ attention and convince them to click. Links presenting very attractive promotional offers can thus make users very vulnerable.
It is important to avoid links suggesting to install an extension in order to view the content. This major red flag usually leads to malware or phishing redirects.
These tips can help users avoid falling into the trap of malicious actors. Nevertheless, it is of course recommended to avoid free streaming sites and use a reliable anti-malware antivirus.