Some say that disasters and crises reveal two sides of human nature: one to help, the other to destroy. The recent disappearance of Malaysia Airlines MH370, taking off from Kuala Lumpur to Beijing on Mar. 8, has been the newest testament to that. While most of the public share worries and prayers, a few see the crisis as an opportunity to exploit unsuspecting users, with cybercriminals luring online users to counterfeit websites that, in turn, steal personal data.
Internet security firm Trend Micro disclosed in The Sydney Morning Herald the new modus operandi and warned the public to practice utmost caution when following shared links on social media pertaining to news on the still-missing plane.
"Given the heightened interest in the missing flight, it was only time [before] cybercriminals used it to their advantage," said Paul Oliveria, a TrendLabs expert. TrendLabs is the global network of research, service and support centres of Trend Micro.
Tragedies such as the Boston Marathon bombing, Tsunami in Japan, and super typhoon Haiyan in the Philippines were also used by cybercriminals in the past, according to Trend Micro.
"Anything involving a potential disaster is big money for the scammers, as there's a split between clickers with a penchant for salacious content and those who simply want to know if a relative is OK, or if there's any more news on a breaking disaster," said Malwarebytes intelligence analyst Chris Boyd.
So how does it work?
According to TrendLabs, an executable file disguising as a video makes it possible for scammers to collect personal data of users, such as their IP address. Even scam headings and links such as '(BREAKING NEWS) Malaysia Plane Crash into Vietnam sea MH370 Malaysia Airlines is found!' or 'Missing Malaysia Airlines Flight MH370 plane found in Bermuda Triangle' video went viral on Facebook. Other scam links shared by Time.com include, 'Shocking Video: Malaysian Airlines missing flight MH370 found at sea, 'Malaysian Airplane MH370 Already Found. Shocking Video Release Today by CNN, or 'Plane has been spotted somewhere near Bermuda triangle. Shocking videos released today. CNN news.'
These links lure and lead readers to a bogus page containing a "ready to play" video. Clicking further gets the video link shared, even before the user actually views it. Worse, it spreads malware.
"Sharing the video, of course, helps cybercriminals spread their malicious link to other users," explained Trend Micro. "After sharing, the user will be asked to verify his age by completing a test. The test was "nothing but another survey scam," it added.
Websense Security Labs, also a computer security company, shared the same Facebook scam, saying these scammers collect commissions when users click to download the media to see the so-called legit news or bogus prizes.
Meanwhile, Boyd said his company Malwarebytes initially discovered such bogus links on Twitter. He said the links came with "a mixture of tweets leading to known sites originally posted to Facebook and a new batch of spamblogs, survey scams [and] imitation news sites."
