Cyber bandits exploit breaking news to spread scams

Big media events — Osama bin Laden's death, royal wedding — create new opportunities for scammers

May 06, 2011|By Gus G. Sentementes, The Baltimore Sun

Nikki Yancey knew that no pictures had been released of Osama bin Laden after the terrorist leader was killed this week in a lightning raid by U.S. commandos in Pakistan.

So she was surprised when a friend reported that Yancey's Facebook account had tried to entice her 600-plus friends to click on a link that allegedly would bring up photographs of the dead al-Qaida leader.

In reality, no such images were available.

What happened? Yancey's social networking identity had been hijacked.

"I didn't even know it had posted. I didn't even know what it was," Yancey said of the malicious link, which spread "malware" to any of her Facebook contacts who clicked on it. Yancey, 31, a Baltimore firefighter-paramedic, said she logs on to Facebook only a couple of times a week and did not realize the link had been disseminated until her friend tipped her off.

Cybercriminals' latest technique to spread spam, steal identities and defraud individuals and companies exploits the public's interest in breaking news to lure Internet users to click on links supposedly leading to juicy photos and articles.

Spammers and scammers are "finding the next set of weak points," said Anupam Joshi, professor of computer science at the University of Maryland, Baltimore County. "One of the weak points in the age of instant news is: 'Hey, did you hear?'"

This has been a banner year for news. Online spammers and scammers have plied their trade during the unrest and revolutions in the Middle East; the earthquake, tsunami and nuclear emergency in Japan; the British royal wedding; and, most recently, bin Laden's death.

Online experts say that a flurry of cyberattacks now follow major news events, with malware typically contained in web links featuring irresistible headlines.

The number of complaints to the Internet Crime Complaint Center, a partnership between the FBI and the Virginia-based National White Collar Crime Center, has grown annually, from around 50,000 in 2001 to more than 300,000 last year, according to the complaint center. Payment and nondelivery of merchandise was the top crime category, while various scams, identity theft, spam and fraud joined the Top 10 list of online crimes.

While most online scam victims aren't seriously inconvenienced, studies of online scams and attacks show that cyberfraud can cost billions of dollars annually for individuals and corporations.

At a minimum, cybersecurity experts say, spammers collect email and Facebook contact information from victims in order to spread annoying, unwanted marketing messages, called spam.

More serious attacks can cost computer users their passwords, bank account information — and identities. Some programs can hijack computers and turn them into networked "zombies," able to store illegal files or attack other computers, all without the owner's knowledge.

In other attacks, an online intruder masquerades as someone the recipient trusts, fooling the Internet user — often a corporate employee — into giving access to a secure network.

With the rise of social media, millions of users of Twitter and Facebook are susceptible to unknowingly spreading malicious links. Within days of the latest bin Laden scams' proliferation, the FBI and chapters of the Better Business Bureau issued alerts warning people to watch out for online tricks.

Scammers dressed up their links to look like news alerts from reputable sites, such as CNN or the BBC.

"It's becoming increasingly difficult to see the difference between legitimate links and malicious links," said Tim Armstrong, an analyst of malicious software at Kaspersky Labs, an international company that battles computer malware.

A complete picture of malware's economic toll is hard to paint because banks and other corporations typically don't disclose the full financial impact of computer fraud, experts say.

Some scams have been around for years. What is new, experts say, is scammers' use of breaking news events as a hook to lure online users to click on dangerous links.

In April, during the hubbub surrounding the royal wedding in England, cybercriminals bought search terms on Google that pointed online users to their malevolent sites. Terms such as "william and kate movie imdb" and "royal wedding guest list 2011" frequently led people to malicious websites, according to Symantec Corp., the California-based anti-virus company.

Experts in the economics of online crime say cybercriminals have become sophisticated and well-organized over the past decade. A large, worldwide black market traffics in various tools that cybercriminals use to steal online identities and bank account information.

In a paper titled "The Economics of Online Crime" published in the Journal of Economic Perspectives, researchers described how criminal networks have created a large online market in bank account, credit card, identity and online auction account information. Every piece of stolen data has a price on the black market, the researchers said.

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.