Game of Thrones phishing scam targeting torrenters and internet service providers exposed

A phishing scam has been uncovered that impersonates rightsholders like HBO and Warner Bros and sends fake copyright infringement notices and settlement demands to internet service providers (ISPs) in the UK, US and Australia.

The scam, which comes in the form of a letter from well-known anti-piracy firms, aims to trick the ISPs into forwarding the notices onto the targeted customers and is using high-profile TV shows like Game of Thrones in its ploy.

According to TorrentFreak, which has been reporting on the ongoing scam, several employees from a number of ISPs got in contact to confirm letters were part of a widespread phishing campaign over the last few weeks.

While some ISPs have caught on to the scam, others have reportedly forwarded the notices – which demand a real settlement fee – directly onto their customers. Furthermore, the domain name used to collect the money keeps changing meaning it's harder to track and shut down.

The emails have caused "confusion" at some ISPs as HBO and its anti-piracy outfit – called IP-Echelon – have indeed sent legitimate notices in the past for the oft-pirated Game of Thrones TV show. However, when contacted, IP-Echelon confirmed it was a fraudulent letter. "The notices are fake and not sent by us. It's a phishing scam," it said.

The phishing letter states: "We have received information leading us to believe than an individual has utilised the IP address [redacted] at the noted date and time to host and/or facilitate the downloading and/or streaming of content."

The notice then lists a number of "infringement details" including the name of the show, IP address, timestamp, file size and the torrent name. It also lists a URL where users can follow to settle the fee and informs the recipient that if they don't pay they will face legal action.

It adds: "You have 72 hours to access the settlement offer and settle online. If you fail to settle, the claim(s) will be referred to our attorneys for legal action. At that point the original settlement offer will no longer be an option and the amount will increase as a result of us having to involve our attorneys."

Mike Patterson, founder and chief executive of US-based cybersecurity firm Plixer, said anyone who receives such a notice should always follow up with a phone call to ensure they are not being scammed.

"Call the telephone number on the official website and not the one listed in the email," he said. "Any emailed notice should be scrutinised for validity. Check the from-email address to make sure the domain is the same address as the official web site. Receivers of these types of emails can also hover over links in the content with their mouse and look at the tool tips that appear."