The past few weeks have seen two major disasters in which hundreds of people lost their lives. 157 people lost their lives in the Ethiopian Airlines Boeing 737 Max crash and the Christchurch mosque massacre saw 50 people killed.
Both events were terrible tragedies that shocked people the world over. Victims and their families have been receiving messages of support on social media and many people have shown their support by making financial donations. More than US$5 million has so far been raised to help the victims of the New Zealand attack.
Unfortunately, cybercriminals are taking advantage. In the past few days, phishing campaigns have been detected that are using the tragedies to infect computers with malware and steal charitable donations.
According to New Zealand’s cybersecurity agency, CERT NZ, multiple campaigns have been detected that are using the Christchurch attack as a lure. Malware has been embedded in video footage of the tragedy which is currently being shared online, including on social media websites.
Phishing attacks are also being conducted which contain links to faked online banking forms that attempt to obtain users banking credentials. One campaign spoofed the Westpac New Zealand bank and emails appeared to have been sent from its domain. Other email campaigns contain pleas for financial assistance and supply bank account details for donations, but the details are for criminal-controlled accounts.
Another campaign has been detected that is using the Ethiopian Airlines Boeing 737 Max crash to spread a remote access Trojan and information stealer. The emails claim to offer information to air travelers about airlines that are likely to also suffer crashes. The emails offer information that has been found on the darkweb by a security analyst. The emails include a JAR file which, it is claimed, has important information for all air travelers on airlines to avoid due to the risk of plane crashes.
Whenever there is a tragedy that is extensively covered in the media cybercriminals try to take advantage. By adopting cybersecurity best practices such as never opening email attachments from unknown senders nor clicking links in emails, these scams can be avoided.
Unfortunately, email spoofing makes it difficult to detect phishing threats. Scam emails often appear genuine and seem to have been sent from a trusted source. To combat the threat to businesses, TitanHQ has recently updated its spam filtering solution, SpamTitan, to provide greater protection from these threats.
SpamTitan now incorporates DMARC to authenticate senders of emails and protect against email impersonation attacks. To provide even greater protection from malware, in addition to dual anti-virus engines, SpamTitan now incorporates a Bitdefender-powered sandbox, where suspicious files can be safely analyzed to determine whether they are malicious.
These additional controls will help to protect businesses and end users from new malware threats and advanced phishing and email impersonation scams.