Small-time scammers are generating near-instant obituaries for recently deceased strangers, taking advantage of vulnerable loved ones and potentially infecting their devices with malware.
A new post on the Secureworks blog highlights the speed with which these fake obituaries can be created and spread, as well as the potential risk that more sophisticated attackers could use the same scheme to cause more severe consequences for victims.
Duplicate mourners
Tony Adams, a senior security researcher at Secureworks, first became aware of the fake obit scam when a colleague died late last month.
“I was introduced to this because I was looking for information [about the death]and an obituary that was circulating within a group of friends was one of these fake obituaries,” he recalls.
It’s a common situation, especially given the speed at which information tends to travel nowadays. People learn of the deaths of family members, friends and acquaintances sometimes days before any official obituary is published.
“There will be a period where there will be search activity but there is no obituary yet. And scammers have found a way to sort through that blank information SEO manipulation“explains Adams.
It all starts when scammers monitor Google search trends to identify potential interest around someone’s news story.
Then, in the hours immediately following the death, chatbots are used to quickly create fake obituaries based on publicly available information about the deceased and spread across multiple fake funeral and memorial sites.
In the case of Adams’ colleague, a half-dozen seemingly unrelated websites posted slightly different obituaries, each referencing the same few specific details that had clearly been gleaned from an athletics-themed Facebook group of which he was a member.
Post-mortem consequences
Anyone visiting these sites was redirected to further spam sites and presented with CAPTCHAs that, when clicked, triggered pop-up notifications with fake virus warnings.
Ironically, the aim was to convince victims to subscribe to cybersecurity solutions like McAfee, at which point the threat actor would receive a commission via an affiliate ID embedded in their malicious URL.
The same steps can just as easily be followed to spread malware and target targets beyond just the grieving individual.
“When I started pulling the thread on this topic, I was surprised to see how many people within corporate circles were visiting these fake obituary sites,” Adams says. In one case you observed that multiple employees of the same company were trapped after the death of their colleague. “I haven’t seen any malware installed, but yes, the same scheme could be adopted by those who are more capable and have different intentions.”
What Google is doing to help you
To increase their returns, scammers can do this fill their fake obituaries with relevant keywords which quickly push them up the Google search rankings.
This, however, may be more difficult to do now than just a month ago.
On March 5th, Google has announced changes aimed to eliminate low-quality spammy search results, at one point making specific reference to obituary scams. While vague on specifics, the company wrote, “we expect that the combination of this update and our previous efforts will collectively reduce low-quality and unoriginal content in search results by 40%.”
“If I were to try to Google the obituary of an acquaintance of mine right now,” Adams reports, “those results wouldn’t show up like they did in the initial hours and days when I was researching this topic.”