Proving there are no depths they won’t plum, cybercriminals have begun exploiting the news of Pope Francis’s passing in a range of malicious campaigns.
This tactic has been popular for some time. Bad actors are the first to jump on the bandwagon during major world events—from global disasters to the deaths of famous people.
From disinformation and scams, to malware, there is no tragedy they won’t take advantage of.
According to Check Point Research, “They typically begin with disinformation campaigns on social media platforms like Instagram, TikTok, or Facebook, uploading fake images generated by AI.”
These campaigns aim to grab users’ attention. They encourage users to look for more info on search engines or click links in the images or posts. Once users engage, they might be sent to fake websites. These sites can steal data or run financial scams.
In one example observed, the link was obfuscated in a website promoting potential fake news about Pope Francis. Once one of the links was clicked on, users were redirected to a fake Google page promoting a gift card scam—a common trick used to fool people into handing over sensitive information or making payments.
A Host of Risks
On some fake websites, harmful programs run in the background without users having to do anything. These programs secretly collect details like the computer’s name, operating system, country, language, and more. The goal is to gather as much information as possible to send the user highly convincing scam messages at a later date, or to sell their data on the dark web.
SEO poisoning is another scourge. Here, bad actors pay to elevate their fake websites to the top of search results, making them appear legit. When users click these links, they could download malware, have their login details stolen, or have their online sessions hijacked.
“This problem is exacerbated by the fact that many of these domains do not appear in reputation intelligence tools,” the researchers say. “The domains may have been recently registered or held dormant for months without showing any malicious behavior, allowing them to bypass detection by most cyber security systems. Attackers are adept at using clean domains with no historical ties to malicious activity, making their campaigns harder to flag.”
Cyber Threat Opportunism
This is part of a larger trend called “cyber threat opportunism,” where attackers take advantage of major global events to spread malware or false information. Studies show that phishing and malware attacks often increase during these times. For example, during the COVID-19 pandemic, Google reported over 18 million malware and phishing emails every day related to coronavirus scams.
Cyber criminals thrive on chaos and curiosity. Whenever a major news event happens, we see a sharp rise in scams designed to exploit public interest. The best defense is a combination of user awareness and layered security protection.
How to Stay Safe
Use web security tools or browser extensions that check websites in real time to block harmful links before they open. Also, be careful with sensationalized headlines or outrageous news reports, especially on social media. If it is too good to be true or sounds outrageous, it is. Check the information through credible news sources before posting or believing it.
Next, avoid clicking on links from unknown sources, especially in emails or social media posts about breaking news. Instead, type the official website address directly into the browser.
Finally, consider using advanced security software that offers phishing protection, malware detection, and regular threat updates. This extra layer of security can help keep devices and personal information safe
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.