Cybercriminals targeted Star Wars fans in a recent phishing campaign designed to steal credit card data by enticing fans with an early movie screening. 

According to a NJ Cybersecurity & Communications Integration Cell alert, Kaspersky researchers revealed that this social engineering campaign used approximately 30 fake streaming sites, social media profiles masquerading as official movie accounts, and malicious files disguised as fake early release movie copies. The sites claim that the user must enter credit card data for registration purposes.

Kaspersky noted that in these attacks, the domains of websites used for gathering personal data and spreading malicious files usually copy the official name of the film and provide thorough descriptions and supporting content, thereby fooling users into believing that the website is, in some way, connected to the official film. The practice is called “black SEO,” which enables criminals to promote phishing websites high up in search engine results (such results often show up for search terms such as ‘name-of-the-film watch free’).

In addition, researchers say that to further support the promotion of fraudulent websites, cybercriminals also set up Twitter and other social media accounts, where they distribute links to the content. Coupled with malicious files shared on torrents, the attacks were successful: so far, 83 users have already been affected by 65 malicious files disguised as copies of the upcoming movie.

In 2019, Kaspersky detected 285,103 attempts to infect 37,772 users seeking to watch movies of the renowned space-opera series, a 10 percent rise compared to last year. The number of unique files used to target the users amounted to 11,499, a 30 percent drop from last year.