{"id":81612,"date":"2025-02-13T09:00:38","date_gmt":"2025-02-13T09:00:38","guid":{"rendered":"https:\/\/www.cryptocabaret.com\/?p=81612"},"modified":"2025-02-13T09:00:38","modified_gmt":"2025-02-13T09:00:38","slug":"scammers-exploited-official-eu-website-for-piracy-scams","status":"publish","type":"post","link":"https:\/\/www.cryptocabaret.com\/?p=81612","title":{"rendered":"Scammers Exploited Official EU Website for \u2018Piracy\u2019 Scams"},"content":{"rendered":"<p><img fetchpriority=\"high\" decoding=\"async\" src=\"https:\/\/www.cryptocabaret.com\/wp-content\/uploads\/2025\/02\/eudigital-600x537.jpg\" alt=\"eu digital\" width=\"300\" height=\"268\" class=\"alignright size-large wp-image-263846\" srcset=\"https:\/\/www.cryptocabaret.com\/wp-content\/uploads\/2025\/02\/eudigital-600x537.jpg 600w, https:\/\/torrentfreak.com\/images\/eudigital-300x268.jpg 300w, https:\/\/torrentfreak.com\/images\/eudigital-150x134.jpg 150w, https:\/\/torrentfreak.com\/images\/eudigital.jpg 921w\" sizes=\"(max-width: 300px) 100vw, 300px\">In an effort to make online piracy less visible, search engines actively <a href=\"https:\/\/torrentfreak.com\/google-downranks-65000-pirate-sites-in-search-results-180629\/\">downrank<\/a> and <a href=\"https:\/\/torrentfreak.com\/googles-permanent-deindexing-of-pirate-sites-spreads-across-europe-221216\/\">de-index<\/a> pirate site domains. <\/p>\n<p>This works, in the sense that it makes it harder for prospective pirates to bump into these sites though searches. It also created new problems and exacerbated others in the process. <\/p>\n<h2>Scams Galore<\/h2>\n<p>Since the top positions in search results are relatively free of well-known and generally more trusted pirate sites, malicious actors use this void to get piracy-related scams featured instead. To do so, they create keyword-filled pages using titles of high-demand content, paired with keywords such as \u2018download\u2019, \u2018stream\u2019, \u2018free\u2019, and so forth.<\/p>\n<p>To increase the effectiveness of this tactic, the scammers try to get their shady promotions featured on reputable domain names, such as <a href=\"https:\/\/torrentfreak.com\/university-websites-are-being-flooded-with-online-piracy-scams-230429\/\">universities<\/a>, <a href=\"https:\/\/torrentfreak.com\/spammers-exploit-imdb-to-promote-fishy-movie-piracy-sites-230108\/\">IMDb<\/a>, and <a href=\"https:\/\/torrentfreak.com\/scammers-use-facebook-and-google-to-spread-fake-pirate-downloads-181209\/\">social media platforms<\/a>. <\/p>\n<p>This is a problem we\u2019ve highlighted previously, including frequent targeting and abuse of official <a href=\"https:\/\/torrentfreak.com\/scammers-use-european-union-website-to-promote-pirate-streaming-210525\/\">European Union websites<\/a> (europa.eu). The EU is taking countermeasures to limit the abuse but ending it permanently appears to be a challenge.<\/p>\n<h2>EU Subdomain Exploited<\/h2>\n<p>This week we discovered what is likely one of the more egregious exploits of the Europa.eu domain. As it turns out, scammers found a way to use a subdomain of the European Food Safety Authority (<a href=\"https:\/\/www.efsa.europa.eu\/en\">EFSA<\/a>) website, mgmt-test.efsa.europa.eu, to promote their dubious schemes. <\/p>\n<p>What was particularly concerning was the automatic redirection of users who clicked the link, to a scam website where they could \u2018<a href=\"https:\/\/torrentfreak.com\/images\/signup2.jpg\">sign up<\/a>\u2018 for an account. Those sites typically ask for credit card details, which may then be abused in the future. <\/p>\n<p>Over the weekend, a site offering free access to a Super Bowl stream was particularly popular. Different variations appeared in search results, as shown below.<\/p>\n<\/p>\n<p><center>Super Bowl scam<\/center><br \/><center><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.cryptocabaret.com\/wp-content\/uploads\/2025\/02\/superbowl.jpg\" alt=\"super bowl scam\" width=\"600\" height=\"431\" class=\"alignnone size-full wp-image-263850\" srcset=\"https:\/\/www.cryptocabaret.com\/wp-content\/uploads\/2025\/02\/superbowl.jpg 1306w, https:\/\/torrentfreak.com\/images\/superbowl-300x216.jpg 300w, https:\/\/torrentfreak.com\/images\/superbowl-600x431.jpg 600w, https:\/\/torrentfreak.com\/images\/superbowl-150x108.jpg 150w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\"><\/center><\/p>\n<p>Similar promotions were seen from the same EFSA subdomain, linking to adult content including <a href=\"https:\/\/torrentfreak.com\/images\/onlyleak.jpg\">Onlyfans leaks<\/a>, and traditional copies of pirated movies. Needless to say, people who stumbled upon these through search engines, didn\u2019t get what they were looking for.<\/p>\n<\/p>\n<p><center>Moana<\/center><br \/><center><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.cryptocabaret.com\/wp-content\/uploads\/2025\/02\/moanaeu.jpg\" alt=\"moana\" width=\"600\" height=\"321\" class=\"alignnone size-full wp-image-263871\" srcset=\"https:\/\/www.cryptocabaret.com\/wp-content\/uploads\/2025\/02\/moanaeu.jpg 999w, https:\/\/torrentfreak.com\/images\/moanaeu-300x160.jpg 300w, https:\/\/torrentfreak.com\/images\/moanaeu-600x321.jpg 600w, https:\/\/torrentfreak.com\/images\/moanaeu-150x80.jpg 150w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\"><\/center><\/p>\n<p>Previous scams typically involved uploaded <a href=\"https:\/\/torrentfreak.com\/images\/pdfex.jpg\">PDF files<\/a> or user-generated content containing links to scam sites. The recent exploit redirected visitors automatically, which presumably made it more effective. <\/p>\n<h2>EFSA Leak Fixed<\/h2>\n<p>After alerting EFSA, the organization was quick to address the issue and the affected subdomain was taken offline in a matter of hours. At the time of writing, the redirects are no longer active, and the associated pages have started to disappear from search engines. <\/p>\n<p>Of course, this doesn\u2019t mean that all will be fine from now on. Caution is certainly advised. Over the past few days, dubious content has been posted to other EU websites as well, including the European Social Fund+ and the Interoperable Europe website. And there will likely be more holes to patch going forward. <\/p>\n<\/p>\n<p><center><em><\/em><em>More Problems<\/em> (all addressed)<\/center><br \/><center><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.cryptocabaret.com\/wp-content\/uploads\/2025\/02\/otherscams.jpg\" alt=\"other domains\" width=\"600\" height=\"437\" class=\"alignnone size-full wp-image-263853\" srcset=\"https:\/\/www.cryptocabaret.com\/wp-content\/uploads\/2025\/02\/otherscams.jpg 1339w, https:\/\/torrentfreak.com\/images\/otherscams-300x219.jpg 300w, https:\/\/torrentfreak.com\/images\/otherscams-600x437.jpg 600w, https:\/\/torrentfreak.com\/images\/otherscams-150x109.jpg 150w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\"><\/center><\/p>\n<p>This problem isn\u2019t limited to the EU websites either. GitHub continues to be <a href=\"https:\/\/torrentfreak.com\/images\/pdfex.jpg\">targeted<\/a>, and it wasn\u2019t hard to spot these scams on other reputable sites, including those of the <a href=\"https:\/\/torrentfreak.com\/images\/melbourne.jpg\">University of Melbourne<\/a> and <a href=\"https:\/\/torrentfreak.com\/images\/texc.jpg\">Taylor County in Texas<\/a>.<\/p>\n<p>Looking at the big picture, it\u2019s ironic that piracy downranking measures by search engines like Google have inadvertently created an opportunity for scammers. They are now leveraging those same search engines by exploiting third-party sites.<\/p>\n<p>From: <a href=\"https:\/\/torrentfreak.com\/\">TF<\/a>, for the latest news on copyright battles, piracy and more.<\/p>\n<p class=\"wpematico_credit\"><small>Powered by <a href=\"http:\/\/www.wpematico.com\" target=\"_blank\" rel=\"noopener\">WPeMatico<\/a><\/small><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In an effort to make online piracy less visible, search engines actively downrank and de-index pirate site domains. This works, in the sense that it makes it harder for prospective pirates to bump into these sites though searches. It also created new problems and exacerbated others in the process. Scams Galore Since the top positions [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":81613,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[308],"tags":[],"class_list":["post-81612","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-torrent"],"_links":{"self":[{"href":"https:\/\/www.cryptocabaret.com\/index.php?rest_route=\/wp\/v2\/posts\/81612","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cryptocabaret.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cryptocabaret.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cryptocabaret.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cryptocabaret.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=81612"}],"version-history":[{"count":0,"href":"https:\/\/www.cryptocabaret.com\/index.php?rest_route=\/wp\/v2\/posts\/81612\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.cryptocabaret.com\/index.php?rest_route=\/wp\/v2\/media\/81613"}],"wp:attachment":[{"href":"https:\/\/www.cryptocabaret.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=81612"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cryptocabaret.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=81612"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cryptocabaret.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=81612"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}