The news of the catastrophic earthquake that hit Nepal before the end of April generated concern and sympathy around the globe. The magnitude-7.8 earthquake greatly affected the region, not just with the number of lives lost, but in terms of the damage to property and livelihood. Images of the haunting remains of the devastation captured the world, compelling people from all over to extend a helping hand to survivors after weathering what is being called one of the disastrous earthquakes ever to hit the region since 1934.
As is expected in calamities such as this, aid organizations, charitable institutions, government administrations and even private individuals and companies have all spearheaded relief efforts and donation drives for the victims of the disaster. But as quickly as these efforts have been established, cybercriminals are also quick to pounce on the interest with schemes that take advantage of the global event for profit.
How are cybercriminals taking advantage of the Nepal tragedy?
The United States Computer Emergency Readiness Team (US-CERT) has issued a warning to users of potential scams expected use the Nepal earthquake as hook. Social engineering lures that ride the wave of big events similar to the damaging earthquake in Nepal may have been one of the oldest tricks in the book but these have been proven effective through the years.
The US-CERT notes that scam emails are known to contain links and attachments used as ploy to lead users to compromised websites: tricking users to give out information and, of course, money. It was earlier reported that a barrage of messages using the earthquake as a hook for spam emails has been seen. For example, spammed emails that peddle medicine will make use of the Nepal earthquake as hook to grab user attention. Customized scam messages claiming to be sent by victims of the disaster have also surfaced.
Tapping into the giving spirit of users has been a go-to tactic for cybercriminals to dupe online users into sending them money for "help". Email messages claiming to have come from victims of the disaster and organizations pushing for relief efforts have also been circulating.
A malware campaign has also been sighted involving a spam message with a malicious attachment that uses the Nepal tragedy as a lure. Clicking on the link downloads malware that's capable of logging keystrokes from the infected system before sending these over to a remote server.
The tragedy has also spawned fake versions of legitimate donation drives aimed at collecting relief efforts for Nepal. The ActionAid site was replicated and designed to look like the actual site to trick users into donating via PayPal.
What can you do?
Big global events like the tragedy in Nepal will remain as an effective tool that cybercriminals use to turn unsuspecting online users into victims. However, awareness will always be the most effective defense against the tactics mentioned above.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.