Unfavorable Game of Thrones fans are also victims of fake sites during the final season


Winter is finally over. Fans of Game of Thrones can finally warm up and, like a hungry dragon, begin to devour the final season of their favorite TV series. Unlike this fantastic series, however, the multiplicity of phishing scams for fans is very real, and there are many other threats, such as malicious software transmitted through torrent sites.

Check Point Research recently discovered a new malicious activity that seeks to abuse unsuspecting fans. Below is an example of a website that uses the official image of the TV series as a legitimate contest for fans to win Game of Thrones gift boxes. In the end, no gift is sent, and the site collects email addresses and mobile phone numbers from Internet users to probably use them in future spam campaigns.

Fig 1: Example of the phishing site exploding the Game of Thrones brand – gameofthronesratings[.]with

Another example provided below is dishonestly collecting credit card information from Internet users, pretending to be an official Game of Thrones store.

Fig 2: Example of site disguised as official online store of Game of Thrones – gameofthronesofficalshop[.]with

Many Internet users can tell the difference between a real site and a fake site, but the use of trusted brands like Game of Thrones is the preferred method of hacking to convince Internet users that an email has been received or website viewed is reliable.

Understanding the threat

The sites that we saw under the Game of Thrones brand can be divided into two main categories: legitimate sites and fraudulent sites. Even though the sites in these two categories use the popularity of the TV series to attract fans, their motivation is quite different. Legitimate sites include fan pages, online games, or smaller shopping sites, looking for prospects or new members for their communities, as shown below.

Fig 3: gameofthronesgifts.com – Shopping site

Fig 4: gameofthronesgifts.com – Fan Site

Fig5 realgameofthrones.com- Online Game

On the other hand, fraudulent sites exploit brand popularity to display ads, acquire personal information, or persuade Internet users to install an unwanted program.

These are mostly sites that request personal information for marketing purposes, fake streaming sites asking users to download a browser plug-in and provide personal information without any content being disclosed at the end of the process. .

Fig 6: gameofthronesof.com – fake streaming site

Fig. 7: gameofthronesratings.com – Site requesting personal information

How ThreatGuard can help

ThreatGuard is a SaaS product that scans a company's resources on the Web and informs them when threats such as similar domains, exposed accounts, vulnerabilities, and open ports with risks are detected. In the examples above, to find sites that explore the popularity of Game of Thrones, we use the domain search feature.

ThreatGuard allowed us to locate similar domains in a short time and focus on a more in-depth analysis of the threats presented. We used a keyword query "gameofthrones" in ThreatGuard and we got dozens of results. After extending the search for more common words related to the Game of Thrones series, such as names of characters and known passages, we could find many other areas.

Fig. 8: The ThreatGuard main panel

ThreatGuard also allowed us to focus our research on a specific word, domain severity, active domains, and more. For the areas considered most interesting, we consult them safely through the ThreatGuard solution and review their history. This allowed us to investigate suspicious domains without harming our hosts and understanding them better. In case of discovery of a malicious domain, we automatically request your removal from your registrar.

Fig. 9: Review of a similar domain

How to avoid being the victim of a phishing attempt

Of course, you may not become the next victim of a phishing attack:

1. When taking a step back before clicking. You can click on links from trusted sites. But the links that appear in emails and instant messages usually do not lead to safe destinations. Hover over the links you are not sure before clicking on them to make sure they are going where you are going.

2. Make sure that a website URL begins with "https" and that a closed padlock icon is present near the address bar.

3. Verifying that the domain name of the site corresponds to the one you want to consult and trust. If this is not the case, you may be about to become the next victim of a phishing scheme.

4. Ensure that you have an advanced threat-prevention solution, such as the Check Point SandBlast Agent and zero-phishing protection.

The following list of sites that use the Game of Thrones brand was compiled by Check Point and categorized by our analysts:

gameofthrones .pro

gameofthronesgamer .com
gameofthronesof .com
gameofthronesseason8online .net
gameofthronessaison8stream .com
gameofthronesratings .com
gameofthronesconquesthacked .top

gameofthrones-Live .com
gameofthronescast .com
gameofthronesbingo .com
gameofthronesfinale .shop
gameofthronesseason6-online .com
gameofthronesstudiotours .com
gameofthronesslotscasino .com
gameofthroneslegacytours .com
gameofthronesseason7livestreaming .com
gameofthronescollectibles .com
gameofthronesseason7watchonline .com
watchgameofthronesepisodes .com

Gameofthroness .club
Watchgameofthrones .info
Gameofthronesstreamingita .com

gameofthronesil .com
gameofthroneszone .com
gameofthronesneon .com
gameofthronesgifts .com
gameofthronescastle .com
gameofthronesfandom .com
shopatgameofthrones .com
idolovegameofthrones .com
gameofthronesapparel .com
thegameofthronesparty .com
gameofthroneskeychains .com
gameofthronesofficalshop .com
gameofthronestreasureshop .com

realgameofthrones .com
officialgameofthrones .com

Blog / News:
gameofthronesblog .com
gameofthroneseason8episodes .com
gameofthronesseason8hbo .com
hbogameofthronesseason7 .net
gameofthronespredict .com

By Oren Koren and Hadar Waldman, CheckPoint


Source link