Light Dark
October 12, 2018 By Shane Schick 2 min read

“Doctor Who” may be one of the most popular science fiction series of all time, but anyone interested in streaming the new season should check for factual accuracy before creating a “free” online account.

Researchers discovered a litany of YouTube channels that supposedly offer access to season 11 of the long-running British TV show, but may actually be duping people into handing over personal information. According to Malwarebytes, the YouTube scams include links that direct viewers to offers featuring “Doctor Who” imagery, encouraging them to sign up to watch the show.

YouTube Scam Could Be After Personal Data

Though the pop-up box suggests that watching the latest “Doctor Who” episodes comes at no cost, other areas of the same sites include prompts to “try this service for free” — which could mean users will be billed later or denied access unless they opt for a premium version of a streaming service.

The researchers noted that the operators of the YouTube scam often used outdated photos from previous seasons of the show, which should be a giveaway that their offers aren’t legitimate. Besides gathering names, email addresses and other personal data, such scams can lead unsuspecting users to illegal or pirated versions of copyrighted content, including TV series like “Doctor Who.”

Unlike a more traditional business, these scams sometimes ask for credit card information up front, even if they fail to offer substantial details about the services they purport to provide.

The Power of Penetration Testing

Given that employees might be looking for “Doctor Who” streaming options on their lunch hour, companies must be vigilant when this type of scam makes news headlines. While most phishing scams use email as an initial lure, they often lead to similarly dubious websites that ask people to enter data.

IBM security experts recommend conducting penetration testing to determine which social engineering scenarios pose the greatest risk to the organization. Simulated phishing engagements can also help security leaders enforce secure behaviors, such as making sure a website is what it claims to be and doing some extra research online before clicking through.

Source: Malwarebytes

 |  |  |  |  | 
Shane Schick
Writer & Editor

More from

December 18, 2024

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

December 17, 2024

Testing the limits of generative AI: How red teaming exposes vulnerabilities in AI models

4 min read - With generative artificial intelligence (gen AI) on the frontlines of information security, red teams play an essential role in identifying vulnerabilities that others can overlook.With the average cost of a data breach reaching an all-time high of $4.88 million in 2024, businesses need to know exactly where their vulnerabilities lie. Given the remarkable pace at which they’re adopting gen AI, there’s a good chance that some of those vulnerabilities lie in AI models themselves — or the data used to…

December 16, 2024

FBI, CISA issue warning for cross Apple-Android texting

3 min read - CISA and the FBI recently released a joint statement that the People's Republic of China (PRC) is targeting commercial telecommunications infrastructure as part of a significant cyber espionage campaign. As a result, the agencies released a joint guide, Enhanced Visibility and Hardening Guidance for Communications Infrastructure, with best practices organizations and agencies should adopt to protect against this espionage threat. According to the statement, PRC-affiliated actors compromised networks at multiple telecommunication companies. They stole customer call records data as well…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature