Tuesday 23 July 2013

Royal Baby: Exclusive Pics! – Don't Fall for It

When Kate Middleton, the Duchess of Cambridge, went into labor with the child who recently became third in line for the throne of England, the event immediately had millions of royal-watchers riveted – and, apparently, plenty of spammers ready to leverage the vast amount of public interest in everything from the sex of the baby to “secret pictures” of the new arrival.
The social engineering aspects of the story are simply pregnant with possibilities (ahem).
"Malware authors worldwide have been waiting ages for this," security blogger Graham Cluley told the Register, noting that spear phishing emails with themes like "Exclusive first pictures", "Secret video from inside delivery room" and "Sex revealed" are sure to rope some royal baby fans into a malware trap.
Will and Kate were used as malware bait before when they were engaged, and proved that, as with any hot story, it pays to be very careful where one surfs around for news. Malware authors are also aware of the process of search-engine optimization (SEO) and often exploit big stories to create malicious webpages that attack unaware visitors who are simply looking for news and information.
Hurricane Sandy was a notorious honey trap for consumers, with malware authors posing as charity operations in order to get users to click over to an infected page. Celebrities, too – not just royals – tend to be used for malicious purposes, and for the same reason; put simply, people are interested in them. Cluley pointed out that a new Facebook scam is using Emma Watson to spread malware.
“Everybody should know by now that it’s a very bad idea indeed to click on any Facebook links that claim to be a leaked sex video of a world famous actress,” he said in his blog. “And yet, people still do.”
The scammers claim to have a compromising video of the Harry Potter actress, and offer via Facebook spam to offer it for free “after age verification.” Of course, the age verification involves cutting-and-pasting a script into a browser’s address bar – which takes users to an infected page.
Instead of verifying age, “you are helping to help spread the scam for the fraudsters behind it, and put money in their pockets,” Cluley said. “Behind the scenes, the link to the alleged Emma Watson sex video will be posted on the victim’s own Facebook wall, tagging their friends in a hope to spread the scam even further.

No comments:

Post a Comment