I was asked whether I'd seen SEO (Search Engine Optimization) poisoning relating to the Icelandic eruption and the very widespread grounding of aircraft in Europe. Well, there were certainly attempts in March to exploit the earlier Eyjafjallajokull eruption in order to drive googlers interested in finding out more towards malicious web sites. So it would be naive to assume that they haven't or won't make use of the current travel crisis. I haven't noticed an upsurge, but I don't have the lab resources to monitor that kind of activity personally: if our research labs mention a significant uptick we'll pass it on here.
However, a post by Zeljka Zorz at Help Net Security raised an interesting idea. The post actually deals with the "friend in need" scam (or "London scam" or "Londoning") that I've mentioned here and at other blogs several times before. Technically, I suppose you'd have to call it Wolverhamptoning, since the address given by the scammer was near to that part of the UK's West Midlands. As I've spent much of my life in that part of the country (in fact, I was there last week), I was kind of amused by the picture of robbers rampaging through semi-rural English hotels and stealing luggage, money and "my contact dairy" (obviously la creme de la crime…) What would Miss Marple have said? I'm not saying that Wolverhamption doesn't have its rough spots, but Robin Hood ceased his operations some centuries ago, and anyway seems to have preferred the East Midlands.
Still, I can see that a potential victim might be as unfamiliar with the locality as this scammer appears to be,and if you're not familiar with this type of scam, it's useful to remember that the site of the "robbery" doesn't have to be London, or even the UK: indeed, it's likely that we'll see further diversification of locale and scenario. Which leads us to Zeljka's most interesting point.
Also, this situation made me think and realize that we will probably soon witness scam emails that take advantage of this "Iceland volcano erupting" situation and will try to claim that your friend has been stranded in the UK because of the lack of flights and has run out of funds, so would you please send some? Thanks!
Ordinarily, I'm cautious about proposing hypothetical scenarios for new scams and other threats. The bad guys are inventive enough, without giving them more ideas. But this scenario fits in so neatly with the "friend in need" approach to scamming, that it's hard to imagine it hasn't already been tried.
So what can you do about it? Here's a slightly expanded list of suggestions from my last post on the topic.
(Tip of the hat to Sorin Mustaca for the pointer to Zeljka's post.)
David Harley CISSP FBCS CITP
Research Fellow & Director of Malware Intelligence
ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter:
ESET White Papers Page: http://www.eset.com/download/whitepapers.php
Securing Our eCity community initiative: http://www.securingourecity.org/
Also blogging at:
Author David Harley, ESET