Now that the NFL season has officially kicked off, it seems that scammers are staring across the offensive line waiting to sack consumers who think they can pull off an end run on Netflix, Hulu, or Disney Plus and avoid paying membership fees to stream a ballgame.
New research from OpenText Security Solutions (Carbonite, Webroot) found that out of the NFL streaming sites analyzed, 40% were missing a security certificate -- a small data file that vouches for the identity and authenticity of a website -- and more than 90% of sites were classified as risky.
Kelvin Murray, senior threat researcher at OpenText, told ConsumerAffairs that, much like the recently reported high school football streaming scheme, anyone who decides to try using an illicit site to watch, say, the Packers or Broncos is asking for trouble.
“Our recent research, conducted in conjunction with FACT, analyzed 50 of the ‘free-to-view’ sites and found that every single one contained malicious content that could expose users to scams, putting their safety and data at risk,” he said.
“One of the more concerning findings was the high level of extreme or explicit content that could be viewed. This is especially worrying given that many families with young children share devices, increasing the risk of exposing children to X-rated content.”
Even the most tech-savvy viewer can fall victim
Murray said these scammers aren’t in this for fun – they want a playoff-worthy payday. And they’re out in droves, too. When ConsumerAffairs searched “watch NFL for free,” 423,000,000 results popped up. One can only imagine the number of those that are probably scam bait.
The current wrinkle the cybercrooks are in love with is banking trojans, a type of malware that hides inside legitimate-looking software and is designed to hack your bank accounts.
As an example, the scammers may have disguised a banking trojan as a mute button, but when the user clicks on that button, boom! The trojan automatically downloads to the person’s device and starts its dirty work. Murray said that if someone’s antivirus is even the slightest bit out of date, it may not recognize the malware.
How to stay safe
The #1 red flag for anyone who thinks they’re beating the legit streams at their own game is that the website URL they’re logging into begins with HTTP, not HTTPS.
“While the difference of a single letter may not seem like much, ‘S’ is crucial as it indicates encryption,” Murray said. “An HTTPS site isn’t a guarantee that a website is completely safe; however, its absence should always serve as a red flag not to use it.”
Another clue that you’re on an illegal streaming site is that it’s loaded with pop-ups and redirects to grab your attention and convince you to click. Legit streaming sites are far more conservative in look and feel, so if you see anything – especially an offer – that looks too good to be true, it usually is, Murray suggested.
The last warning signal is if a site says it needs to install an extension so a person’s computer system can process the content correctly. That may have been true in the past, but Murray says in today’s streaming world, it’s a major red flag and will typically lead to malware or phishing redirects.
“Of course, the best way to stay safe is to avoid risky free-to-view sites,” he concluded, adding, “Reliable anti-virus that blocks malicious webpages will prevent you from opening and falling victim to these sites.”