As news about the Ebola pandemic flooded the Internet, cybercriminals seized the opportunity to use the widespread reports as bait to lure unsuspecting victims to open fake emails. These emails ultimately lead to phishing attempts, where the victim's information and credentials are stolen.
Phishing scams are one of the most common end-goals of social engineering schemes. The Ebola spam mail could lead users to click on an embedded link that directs them to a suspicious website that showcases a video. While the video itself is harmless, it contains an offer to purchase a so-called family survival kit. To add credibility, a fake Facebook-style comment box is displayed for interaction, however, it's actually just a template that won't allow the user to comment. The spam mail itself doesn't carry any malicious attachments, but anyone who decides to purchase the survival kit may fall prey to a possible phishing attack.
Recently, we also discovered another spam mail leading to a notorious RAT, DarkComet that used the Ebola news again to lure users to malicious sites. In this case, the user may unwittingly download a file that can give a cybercriminal remote access to their systems.
As more Ebola-related news develops, we advise users to be wary of suspicious links, ads, offers, or anything that uses “big news” as bait. As much as possible, read from trusted sources and don’t get tricked into opening attachments, clicking on links that offer solutions sympathy pleas. Additionally, make sure that your security software is updated and running regular scans to block likely intrusions.
Like it? Add this infographic to your site: 1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).