At least one cybersecurity company is warning customers to watch out for emails claiming to give away free tickets for “Star Wars: The Force Awakens” in the coming weeks. The release date is two months away and, with tickets going for $100 each, hackers will try to take over fans' computers by convincing them they can get into the theater without paying -- or even waiting in line.
That's a warning from KnowBe4, a cybersecurity awareness training company that says it sent out 10,680 test-phishing emails to employees at various companies in recent weeks. Of those, 1,505 messages were opened, and 109 recipients followed the link. At least one IT employee reported the fraudulent message to KnowBe4.
“The next installment of the iconic 'Star Wars' series hits theaters on Dec. 18th, and you can be there on opening night, on us,” says the email, which appears to be sent by firstname.lastname@example.org, according to a copy obtained by the International Business Times. “Think you are the biggest 'Star Wars' fan? Find out by taking our survey and win two tickets for opening night in your city.”
Recipients are then instructed to follow a link to a survey, where they have to input their personal information within three days to enter the contest.
Attackers use sophisticated phishing emails to dupe targets into following links they've created for the express purpose of stealing their account information, which enables them to infiltrate their company's computer network or steal their identity. All it takes in some cases is to follow the link for a piece of malicious software to be injected on the target computer.
Proactive corporate training has become more common, though the results haven't been encouraging. One CBS News/Intel Security survey in May tested 19,000 people throughout the world and found that 80 percent of respondents fell for at least one of the emails they were sent (only 3 percent received a perfect score).