Cyber-criminals exploit national tragedies to spread malware
Hackers send out emails with misleading titles in order to direct computer users to their sites
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Web security analysts have renewed warnings of hackers exploiting national tragedies to spread malware, with recent examples following the aftermath of both the Boston Bombings and the explosion of a fertiliser factory in Texas.
Recent reports from email security specialists AppRiver identified a series of campaigns conducted by cyber-criminals in the form of a ‘bait and switch’: emails are sent out with subject lines promising updates on recent news stories and when unsuspecting users click the links they’re then sent to sites containing malware.
One method used sent emails with the simple subject field of ‘headlines’ with the body of the messaged containing a hyperlink and a html document labelled as either “boston.html” or “news.html”. Clicking on these then sent victims to a land paged where screencaps of TV footage were used to replicate a news website.
Later, more advanced emails were sent out that more closely mimicked those from real news organisations. Typical headlines included: ‘Opinion: FBI knew about bombs 3 days before Boston Marathon - Why and Who Benefits? - CNN.com’, Opinion: Boston Marathon Worse (sic) Sensation - Osama bin Laden still alive!? - CNN.com’ and ‘Opinion: North Korean Official's child was the CIA target - Boston Marathon Explosions Worse Sensations. - CNN.com.’
Fred Touchette, a security analyst for AppRiver, said: “It no longer comes as a surprise when we see malware campaigns destined for inboxes that pretend to be news stories or videos about recent tragedies that become world topics. It's an appalling technique that these unscrupulous cyber-criminals found to be highly effective.”
“This type of despicable activity not only hurts the user duped into following the link, but also potentially the aid agencies desperately trying to raise awareness, and donations, in the wake of these disasters.”
To protect against such attacks experts advise a typical combination of anti-virus software and everyday vigilance – if you’re receiving unsolicited emails then think before clicking any links.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments