With International Day of Families being celebrated today, May 15, a report from Kaspersky has set off alerts about something we should all be concerned about: cyber attackers are using brands that many families know and trust, such as Disney, LEGO, Toca Boca and even MrBeast himself, to trick people with fake promotions, sweepstakes that don't exist and suspicious links that seem harmless.
Their goal? To take advantage of the trust we feel towards these brands to sneak into our digital lives. And yes, the numbers bear this out: between mid-2024 and early 2025, these attack attempts grew by 38%. We went from about 89,000 attempts in one quarter to nearly 123,000 in the next. In total, more than 432,000 attempts were detected in that period alone.
All this is no coincidence. Behind it is a well thought-out strategy: to disguise themselves as beloved brands, gain your attention and then steal personal information, passwords or even access to your accounts. That is why it is so important to understand how these traps work and what we can do to avoid falling into them, especially when there are children at home, who are usually the most exposed to this type of disguised content.
Attacks targeting children and families from Q2 2024 to Q1 2025
When we think of brands like LEGO, Disney or Toca Boca, the first thing that comes to mind are fun times, family games or endearing cartoons. But that's exactly why - because they are so familiar and trustworthy - they have become the perfect target for cybercriminals. According to the Kaspersky study, these brands were the most used in attack attempts over the last year. LEGO-related content alone accounted for more than 306,000 attempts. This was followed by Disney with 62,000 and Toca Boca with 45,000. Attacks disguised as Paw Patrol (12,500) and Peppa Pig (4,900) were also detected, although in smaller numbers.
The strategy is clear: to take advantage of the trust that parents and children have in these brands to sneak in viruses and malicious files. Often, what looks like a free game, a cartoon episode or a fun app is actually a trap. And the more popular the brand, the more likely it is that someone will let their guard down.
The report also shows that most attacks do not come in the form of obvious viruses, but camouflaged as something harmless. Almost 400,000 attempts were related to Downloaders, those programs that look normal but in the background download malicious applications. What's worse is that they are often presented as games, videos or installers linked to brands that children are familiar with, which makes them even more dangerous.
There were also more than 7,800 cases of Trojans: malware that can steal personal data, spy on what you do on your device or give an attacker full access. They usually hide in files that seem harmless, such as fan-made apps or supposed game cheats.
And if that wasn't enough, more than 6,400 adware attempts were recorded, which although they don't steal information directly, they do fill your device with annoying ads, slow it down and can open the door to more serious threats. They are usually disguised as flashy games or apps for watching videos.
To top it off, the researchers also found fake websites that almost perfectly mimic the official pages of these brands. One of the most striking examples was a phishing website identical to the official Tokyo Disney Resort site. It all looked real, but it was a hoax: when trying to buy tickets, users ended up handing over their personal and credit card details to the scammers.
Example of a phishing page that impersonates Tokyo Disney Resort
Another discovery made by Kaspersky has to do with MrBeast, the famous youtuber that many children and teenagers love for his videos full of challenges and impressive gifts (from gadgets to entire houses). Precisely because of this, his name has become the perfect bait for online scams.
Scammers created fake pages promising “free gifts from MrBeast”, such as digital cards for Roblox, Xbox or PlayStation. It all looked like part of one of their typical challenges: they asked you to choose a prize and do a small task “to win it”. Nothing suspicious at first glance. But there was the catch. To put pressure on you, the page displayed a timer that said something like, “You only have X minutes to complete the sponsored activity and unlock your gift.” That timer was nothing more than a tactic to get users to act fast, without thinking too much... just like the criminals wanted.
This whole process is designed to lead victims, step by step, to more and more deceptive sites. At the end, they ask you to pay a “small commission” in order to receive the prize... but of course, the prize never arrives. And the only thing you gain is losing your money.
Read more: What is Phishing? Protect Yourself from Digital Deception
The internet can be a wonderful tool for learning and having fun, but it’s also full of risks that aren’t always easy to detect, especially for young children. That’s why it’s crucial to help your kids navigate the digital world safely. Here are some practical recommendations: