New Harry Potter Movie Means New Malware Scams

While movie fans anxiously await the Nov. 19th release of Harry Potter and the Deathly Hallows: Part 1, malware authors are already using the franchise's appeal to lure unsuspecting victims to tainted websites and information-stealing links.

According to security software vendor PC Tools, this latest theatrical version of J.K. Rowling's astoundingly popular fantasy novel series is already being used as lure to attract fans looking for a sneak peak at what's sure to be one of the holiday season's hit box office attractions. Deathly Hallows

In a security advisory on its website, PC Tools security analysts are warning fans to be careful when searching for anything related to Deathly Hallows because "cybercriminals are targeting unsuspecting fans for identity fraud and spam with websites popping up in online searches promising to offer a free download of the movie, and fake users of the sites are posting attractive blog comments like 'Me and my wife watched this movie here. This movie is great =).'"

While there are numerous variations, the scams all work essentially the same way. Users search for previews and other release information for the movie online and, of course, malware purveyors have set up landing pages offering a free download of the film. 

The intended victims are then directed to complete bogus "offers" that require users to enter personal information or download a potentially malicious toolbar that then collects personal IDs, logins and passwords. Often, the scam includes another field requesting information and offering an opportunity to win something like an iPad.

Finally, according to PC Tools security analysts, once the personal information is obtained, users are asked to click to fill out more information and click to submit their survey data. But the Web page just spins around and around, stuck with a "checking for completion" message.

By then, the user realizes there's no free download or free tickets, only the sinking feeling that they've done something wrong.

"I am not sure if their main aim is really to collect survey information, but what I am sure of, is once you submit your personal details to them, they can do whatever they want with it," PC Tools researcher Alan Lee wrote. "Identity fraud, spam, any takers?"

Similar scams popped up when Harry Potter and the Half-Blood Prince debuted in the summer of 2009.

Fans of the Twilight teen vampire films were also targeted by malware scams looking to steal whatever online information gullible users were willing to dispense.

Harry Potter.jpg

Image courtesy of Warner Bros.

PC Tools and other leading security software vendors advise users to install and update the latest version of their antivirus applications and to be aware of these targeted and socially engineered traps and to use commonsense and recognize that popular movies, celebrities and media events are almost always used as bait to trick people into sharing their most sensitive information.

Larry Barrett is a senior editor at, the news service of, the network for technology professionals.

Keep up-to-date with the latest malware scams; follow eSecurityPlanet on Twitter @eSecurityP.