12 Nov 2010

New spam scam targets Harry Potter fans

An internet security firm recently published a new advisory, warning Harry Potter fans about new spam that uses search engine poisoning to infect computers.

The malware is embedded on sites that lure users with the promise of being able to watch “Harry Potter and the Deathly Hallows” online. The sites contain messages with links, which are paired with glowing user reviews.

The link scams all work in similar fashion. Rather than showing the film, the sites direct users to bogus offer for free items, such as an iPad. The sites then ask users to enter personal information into a form or to complete a survey.

Once the user enters their data, however, the page becomes stuck on a “checking for completion” message.

"I am not sure if their main aim is really to collect survey information, but what I am sure of, is once you submit your personal details to them, they can do whatever they want with it," said researcher Alan Lee.

Harry Potter films have been targeted by cyber criminals in the past. In 2009, similar scams emerged with the release of “Harry potter and the Half-Blood Prince.” Like the more recent scams, users were promised they could watch the film online for free if they divulged personal information.