Avengers: Endgame took in a billion dollars in the five days after it opened, beating the prior record by six days and destroying every other box office record in the process. It's the biggest movie ever – but not everyone is willing to stump up for a movie ticket.
Which makes it excellent bait for scammers trying to exploit anyone who wants to watch Endgame for free as an illegal download.
Here's the lowdown on the Avengers download online scam and how it works, just in case you're tempted to skip the movie theater and attempt to download Marvel's latest hit.
How the Avengers: Endgame Scam Works
The scam targets anyone hoping to get a free HD-quality version of the film online, according to cybersecurity software company Kaspersky Lab, which uncovered the scam in a recent blog post.
Initially, the scam lures victims in with the promise of a simple download of Endgame. But, within moments, the site starts asking for login and financial information – this should be a huge red flag.
Even if the scammers only received your email address and a password before you bounced off the site, they have the information they need.
Why? Because most people reuse their passwords. Combined with the email address, that's valuable information. While you're patting yourself on the back for stopping when you hit the credit card page, you've potentially already opened yourself up to those scammers. They can attempt to access any other online accounts where you might have used the same email and password.
Click or tap the images below to see how the scam plays out:
Avengers: Endgame is sucking up so much pop culture oxygen right now that it's a popular web search – as are search phrases for downloading it. These could turn up the scam site, where the first few seconds of the film will start out just fine.
Card Details Requested
Then, a popup will ask for your email and a password. That’s not too much to ask, so many people will fill it in, only to be hit with a second request: This time the scammers want billing information and credit card details, even down to the Card Verification Code on the back.
It's a bit of an obvious trick – the “movie” is just a few seconds of the logo taken from the Endgame trailer. No pirating site should ask for credit card info, and if you were to hand over these details, you could lose a lot more than the cost of a movie ticket.
Best Practices to Avoid Online Scams
How can you avoid getting scammed?
Well, the real best practice is to just head to theaters. Sure, the popcorn may be overpriced, but your ticket is supporting an industry that made a 22-movie story arc culminating in Endgame possible. Pick a matinee showing, if you need to save a few bucks.
Online piracy is fraught with scams and viruses, plus, you miss out on the experience of viewing a film in proper quality – you'll never find an HD copy of Endgame online while it's still in theaters.
But aside from curbing any piracy habits, here's a quick list of what you should keep at the front of your mind when online:
- ABQ: Always Be Questioning. Anyone can throw together a scam site, and popular movies are huge SEO opportunities for scams. If you don't fully trust a site, don't enter any personal info – even an email address.
- Consider using a password manager: They'll help you keep track of all your passwords, allowing you to pick truly secure options without all the hassle of remembering them. Not all password managers are equal, though, so check out Tech.co's roundup of the top options to try.
- Don't assume a VPN will protect against scams: Plenty of illegal downloaders use a VPN to mask their IP address. While using a VPN isn't illegal, it won't secure you against viruses, and anything that's illegal without a VPN (including downloading or torrenting copyright material) is still illegal with one.
- Use antivirus software. Pick a trusted name, whether free or paid-for, and keep your antivirus updated to guard against the latest threats.
Stay safe out there, and don't worry – it might seem like forever, but Endgame will be available on demand before you know it. Then, we'll have to start warning about someone trying to turn the next huge Marvel movie into a scam opportunity.