The recent proliferation of streaming services and the streaming free trial have given criminals a new opportunity to trick people into downloading malware onto their computers. Proofpoint, a global cybersecurity company, recently published a report detailing a phishing scheme that uses a fake television and film streaming service called BravoMovies to lure unsuspecting victims into ushering criminals past their computers’ defenses.
The scheme starts with an email: “Your free trial is ending”
The scheme begins with an email that warns recipients that their streaming free trial of BravoMovies is set to expire. The emails instruct that if recipients don’t want to be charged a monthly subscription fee, they need to call BravoMovies customer service. Those who call are directed to a fake but realistic looking website that claims to offer unlimited access to “an extensive library of feature films, documentaries, TV shows, anime and more.”
But the cancellation instructions are a trap
Once on the website, “customer service” directs victims to an FAQ page that supposedly instructs them how to unsubscribe from the streaming trial. What the FAQ instructions actually do is trick victims into downloading an Excel document that includes a BazaLoader downloader with which criminals can then easily access victims’ computers. Because victims intentionally (if unknowingly) download BazaLoader, their computers’ defenses do not protect against any malware it may download.
Remember which trial services you’ve subscribed to and cancel them carefully
The BazaLoader scheme plays on people’s tendency to sign up for free trials of a variety of streaming services. Criminals bet that enough people lose track of their (or their family’s) free trials of each streaming service and will unthinkingly follow even suspicious cancellation instructions.
Interested in learning more?
Find legitimate streaming services using our Where to Watch page.