Beware of attempts to cash-in on terrorist attacks
New Zealand’s government has warned of a number of online scams targeting well-wishers and charity donors following the terrorist attack in the city of Christchurch last week.
CERT NZ, the incident response and cybersecurity branch of the central government, has advised on what to look out for, as scammers look to exploit the tragic event last Friday that left 49 dead.
Cybercrooks are sending phishing emails that contain links to fake online banking logins, or fraudulent accounts that pose as legitimate donation pages.
Malicious video files that contain embedded malware are also reportedly being widely shared online, CERT NZ said.
Anyone wishing to donate to help the victims and their families are advised to contact official platforms directly, rather than clicking on unsolicited links received via email or found on social media.
CERT NZ also warned that websites are being compromised in order to spread political messages in the wake of the incident.
Attackers are reportedly defacing New Zealand-based websites with statements related to the Christchurch incident, and some website owners have been threatened with denial-of-service attacks to force them offline.
The agency urged anyone who has received phishing emails, malicious videos, or had their website compromised to contact CERT NZ.
Across the Pacific, US-CERT has also warned against tragedy-related scams, urging American citizens to “take caution” online.
It warned: “In the wake of the recent New Zealand mosque shooting, the Cybersecurity and Infrastructure Security Agency (CISA) advises users to watch out for possible malicious cyber activity seeking to capitalize on this tragic event.
“Users should exercise caution in handling emails related to the shooting, even if they appear to originate from trusted sources.
“Fraudulent emails often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from duplicitous charitable organizations are also common after tragic events.
“Be wary of fraudulent social media pleas, calls, texts, donation websites, and door-to-door solicitations relating to the event.”
“Cybercriminals will always take advantage of terrorist attacks to exploit people financially,” Joseph Carson, chief security scientist and advisory CISO at Thycotic, told The Daily Swig.
“These malicious campaigns will also attempt to steal login credentials and bank details to sell onwards to other cybercriminal groups.
“The best way to avoid such scams is to go directly to official charitable websites and avoid clicking on suspecting links within emails or social media feeds.”
“Heightened emotions are at the heart of what’s known as ‘social engineering’, where attackers exploit human nature,” added Adam Sheehan, behavioral science lead at MWR InfoSecurity, an F-Secure company.
“When our emotions are heightened, we can be more vulnerable to malicious attempts at online influence.
“Criminals will use the emotion of the recent tragedy to lower peoples’ guard. Beware of any emails, links, or webpages which may be exploiting your kindness and desire to help.”