So you get a Twitter tweet or Facebook notification from what “seems to be” a friend saying they have the latest information on the development of Hurricane Irene, if you just “click here.” When you do, you find that your “friend” might really be a computer script from a distant land directing you to a fake website with malware. And oh, by the way, your computer is now infected.
The practice, a variant of BlackHat Search Engine Optimization (BHSEO) that picks major world events for scams and targets unsuspecting victims through fake high-ranking search engine results, is nothing new. When a major world event occurs, people feel like there’s an urgent “need” to know what’s going on, a bit of a frenzy. The new twist is when BHSEO tactics join social engineering to provide malicious links that “seem” to be coming from people you really know and trust.
There is a social element involved: people tend to drop their guard a bit when receiving information from people they have a relationship with. Add that to a major breaking news event, and the guard drops a little further. Suddenly, there’s a scramble to find the most reliable up-to-the-minute information, and less attention is paid to the normal defenses. While it’s sad that attackers would exploit this sort of event, it’s nothing new, and you should protect yourself.
Folks will still visit high-ranking fake websites through traditional search engine queries during the Hurricane Irene coverage. One way to increase a malicious site’s rankings is to make it “seem” popular among social networking rating systems, which is simplified by using fake or hacked Twitter/Facebook accounts. So the scam works both ways: tricking users into visiting fake tweeted links, and also raising the popularity of similar links on the search engines. Considering how a sudden spike in search engine term popularity can vault websites to the top of the rankings, expect to see this kind of activity continue surrounding Hurricane Irene (and whatever the next major event will be).
To protect yourself, the same advice applies: only visit reputable websites for your information, and then type their name directly into your browser address bar; don’t rely on the shortened links common in tweets. Also, look for strange syntax and phrasing in solicitations from “friends”; often the text is generated by those who don’t use English as their first language, so the wording may be awkward. Of course, you can always turn on your TV, but hey, this is a tech blog, we do things online, right?
Author Cameron Camp, ESET