We’ve seen it all too often already. Whenever a major news story breaks, spammers and other cybercriminals mobilize quickly, assembling their own forces to create realistic looking news stories and lures to videos meant to entice anyone and everyone who may have an interest in the story. We saw it in 2005 with Hurricane Katrina, in 2009 with the death of Michael Jackson, this year with the earthquake in Japan, and countless times in between.
It will happen again this time with the death of Osama bin Laden. Given the magnitude and interest in the story many people will be tricked into clicking on links that will trick them into giving up personal information, infect their PCs with malware and cause them to unknowingly be sending out links to this and similar stories which will infect others via their social media profiles.
As always, be ever diligent when browsing the web today and over the next few days, particularly as you browse the web. If you are looking for news stories related to the death of bin Laden here are a few simple rules:
— Browse only to the sites of popular, well respected news organizations. Be wary of looking for the stories on popular search engines. Frequently cybercriminals will create their own sites and employ tactics to make sure they appear at the top of popular search engine results to increase the likelihood you will browse to them.
— Do not click on links to get to news sites, even if they look like they may be going to well respected news sites. Type in the URL yourself. This story is big enough where it will be on the front page for days making it easy to find.
— Avoid clicking links from friends’ social media “walls,” particularly those that lead to videos. Links to outrageous videos have recently very often been the threat du jour for cybercriminals. The movement to social media has been rapid and effective.
— Avoid clicking on links to related news stories and videos in your Twitter feed. Many times these links are created using URL shortening services which hide where the link is truly going until you’ve clicked on it. By then it is too late.
— Avoid clicking on links or opening attachments from emails, particularly those that come from someone that you don’t know or who appear to be coming from a news organization reporting on the story. We’ve seen many times before emails that allege to come from a reputable news source but are really just spoofing their logo and abusing their email domain in an attempt to establish credibility and get you to click on a link or open an attachment.
As always, be careful what you click. Cybercriminals will take advantage of any major news story to get you to open attachments, click links, and watch “videos” in an attempt to infect your PC with malware. My prediction is that the campaigns sent out with this news event will be particularly effective even if they aren’t particularly well crafted simply due to the passion that people will have around wanting to get as much information as possible about the news and events that lead to bin Laden’s death.