With Kanye West’s latest album, “Donda,” due out imminently, cybersecurity company Kaspersky has taken the time to investigate whether cybercriminals were taking advantage of the hype to spread malicious files, a la “Black Widow.” It found that, while the number of scams wasn’t huge, they do exist and take several different forms.
It’s easy to see why cybercriminals would target album releases, movies, and other forms of highly anticipated media: It’s easy to slip malicious code into a download, and potentially just as easy to trick someone into giving up personal details for a sneak peek.
SEE: Security incident response policy (TechRepublic Premium)
In the case of Kanye’s latest release, Kaspersky found fake downloads just like those found in the days immediately preceding the release of “Black Widow.” Two particular adware files were named by Kaspersky, Download-File-KanyeWestDONDA320.zip_88481.msi and Kanye West _ DONDA (Explicit) (2021) Mp3 320kbps [PMEDIA] __ – Downloader.exe.
Along with the usual fake downloads, Kaspersky also noticed several different scam websites were using various methods to trick people into clicking malicious links, providing personal information and otherwise being phished out of valuable personal details.
In one example, Kaspersky said, “users receive a link to download the ‘album’, and are asked to participate in a survey and confirm they are not a robot.” Upon completion, users are redirected to a website promising they can make money on bitcoin. “Of course, the link to the album never appears, and if users fall for the offer of becoming a bitcoin millionaire and enter personal data, they may lose their money and not get access to the album,” Kaspersky said.
In speaking about scams surrounding the “Black Widow” release, Kaspersky security expert Anton V. Ivanov warned that fraudsters and cybercriminals love to take advantage of hype and excitement around media releases and the inattentiveness that many people have when trying to find a way to see (or hear) it first.
“In their excitement, viewers become inattentive to the sources they use, and this is exactly what fraudsters benefit from. These attacks are preventable, and users should be alert to the sites they visit,” Ivanov said.
SEE: How to manage passwords: Best practices and security tips (free PDF) (TechRepublic)
Kaspersky has several additional recommendations for those looking for tips on staying safe from online scams:
- Only access content from official platforms like Apple’s App Store, Google Play, Spotify, Apple TV, etc. While these sites aren’t completely guaranteed to be safe, Kaspersky said, they are checked and filtered, which reduces user risk.
- Never click on a link without checking the actual URL by hovering a cursor over it or long-pressing on a mobile device to open a preview.
- Even well-designed phishing websites will have tells, Kaspersky said. Links are often misspelled or redirected, so be sure to look at URLs on any website you open through an email or messaging link.
- Don’t open files you didn’t expect to receive. If in doubt, contact the email sender to verify it was them who sent it.
- Be sure that you have a trustworthy security solution installed that can detect phishing and other potentially malicious content.