Two-bit scammers are generating near-instant obituaries for recently deceased strangers, taking advantage of vulnerable loved ones and potentially infecting their devices with malware.

A new Secureworks blog post highlights just how rapidly these fake obits can be created and disseminated, as well as the potential risk that more sophisticated attackers could use the same scheme to cause more serious consequences for victims.

Duping Mourners

Tony Adams, senior security researcher at Secureworks, first became attuned to the fake obit scam when a colleague passed away late last month.

“I got introduced into this because I was searching for information [about the death], and an obituary that got passed around within a friend group was one of these fake obits,” he recalls.

It’s a common situation, especially with the speed at which information tends to travel these days. People hear about the deaths of family, friends, and acquaintances sometimes days before any official obituary is published.

“There’s going to be a time period when there’s search activity but no obituary exists yet. And scammers have found a way to sort that information void through SEO manipulation,” Adams explains.

It begins as scammers monitor Google search trends to identify potential interest around somebody’s obit.

Then, in those hours just after the passing, chatbots are used to quickly create fake obits based on publicly available information about the deceased and spread across multiple fake funeral and memorial sites.

In the case of Adams’ colleague, half a dozen seemingly unrelated websites published slightly varying obits, each referencing the same few, specific details that had clearly been gleaned from an athletics-themed Facebook group of which he was a member.

Post-Mortem Consequences

Anyone who visited these sites was redirected to further spam sites, and presented with CAPTCHAs which, when clicked, triggered pop-up notifications with fake virus alerts. 

Ironically, the aim here was to get victims to subscribe to cybersecurity solutions like McAfee, at which point the threat actor would receive a commission via an affiliate ID embedded in their malicious URL.

The same steps can be followed just as easily to spread malware, and claim targets beyond just the individual in grief.

“When I started pulling the thread on this, I was surprised to see how many people within corporate environments were visiting these fake obituary sites,” Adams says. In one case he observed, multiple employees of the same company were ensnared following the death of their colleague. “I saw no malware being installed, but yeah, the same scheme could be adopted by those who are more capable and have different intentions.”

What Google’s Doing to Help

To boost their yields, scammers can stuff their fake obits with relevant keywords that push them quickly up the Google search rankings.

This, though, may be tougher to do now than it was even just a month ago.

On March 5, Google announced changes aimed at rooting out low-quality spammy search results, at one point specifically referencing obituary scams. Though vague on the details, the company wrote, “we expect that the combination of this update and our previous efforts will collectively reduce low-quality, unoriginal content in search results by 40%.”

“If you were to try and Google my acquaintance’s obituary right now,” Adams reports, “those results wouldn’t turn up like they did in the initial hours and days that I was researching this.”

Source: www.darkreading.com