DIGITAL LIFE

Cybercriminals use Pope Francis' death for phishing and disinformation campaigns

Check Point Software researchers have detected a series of phishing and disinformation campaigns associated with the death of Pope Francis. Hours after the announcement of his death, disinformation campaigns began to appear on social networks such as Instagram, TikTok and Facebook.

“Cybercriminals thrive on chaos and peak public interest,” warns Rafa Lopez, a security engineer at Check Point Software specializing in email protection. Quoted in a statement, the expert states that “curiosity and emotional reactions make these moments propitious for attackers”, adding that “whenever a high-impact news event occurs, we see a sharp increase in schemes that seek to exploit public interest”.

According to Rafa Lopez, the campaigns identified were designed to capture users' attention, encouraging them to search for more information through search engines or to click on links embedded in images or posts. In these cases, users may be redirected to fraudulent websites, created to steal data or money through financial schemes.

“In one of the cases observed, the link was ‘disguised’ on a website that allegedly spread fake news about Pope Francis. When clicking on it, the user was redirected to a fake Google page, which promoted a gift card scam, a common tactic to trick users into providing sensitive data or making payments”, explains the expert.

But there are fraudulent websites that go even further by executing commands in the background without any user interaction. This type of threat is capable of collecting data such as the machine name, operating system, location, language and much more.

“The goal is to collect detailed information about users to launch highly targeted phishing campaigns or to sell this information on the Dark Web. This data may include login credentials, financial information or technical specifications of the device”, adds Rafa Lopez.

According to the researchers, another risk associated with these campaigns involves a tactic called “Search Engine Optimization poisoning”. Through this, cybercriminals pay to position their malicious websites among the first results of search engines, tricking users into believing that they are accessing reliable information.

This "poisoning" allows them to distribute malware, steal credentials or "hijack" session cookies, monetizing the traffic generated by the websites.

"The problem is aggravated because many of these domains do not appear in threat reputation tools," explains Rafa Lopez. "They may have been recently registered or have been inactive for months without any malicious behavior, thus escaping detection by traditional cybersecurity systems."

Campaigns like those detected by the cybersecurity company are part of a broader trend known as "digital opportunism," where attackers exploit events of global interest to spread malware or disinformation.

As Hendrik De Bruin, Director of Security Consulting for the SADC region at Check Point Software, explains, investigations have repeatedly identified spikes in phishing and malware campaigns associated with these types of events.

mundophone