Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Malaysia Airlines’ flight MH370 disappearance spawns Facebook-themed scams

Ike Suarez | March 28, 2014
Two computer security vendors issue separate reports

Cybercriminals have exploited news hoaxes on the missing Malaysia Airlines Flight MH370 as lures for Facebook-themed scams, according to two vendors of computer security solutions.

The vendors are the San Diego, California-based Websense and the Tokyo-based Trend Micro Inc. which issued separate press  statements on the matter.

The statements were based on threat data gathered by their respective malware monitoring arms, Websense ThreatSeeker Intelligence Cloud and TrendLabs.

The data were gathered as a result of Internet users globally seeking to follow developments online on the search for the missing Malaysian plane which disappeared March 8 while on the way to Beijing from Kuala Lumpur.

News Hoaxes

The Facebook-themed scams involved news story hoaxes about the airline's having at last been found in various parts of the globe.

While the separate statements reported on different news hoaxes, there were near similarities in the modus operandi of the cybercriminals.

The Websense statement said its ThreatSeeker Intelligence Cloud had monitored Websites appearing as legitimate Facebook sites that announced sightings of the missing airliner.

These sites were complete with sharing buttons, suitable graphics and relevant links.

If a user, interested in finding out the latest news in the search for the missing airliner, were to browse these sites, he or she would then be presented with a series of dialogue boxes, eventually leading to a Facebook popup supposedly  referencing a Yahoo! News article.

He or she would then be enticed to share the link and therefore further spread the threat.

The lured user would then be presented a news video requiring him or her to take a short test before being granted further access to the news hoax.

Based on the modus operandi, the Websense statement said the aim of this lure was to generate revenue as part of a cost per action (CPA) lead scam.

On the other hand, the Trend Micro statement said its TrendLabs monitoring centre had uncovered Facebook-themed scams with news hoaxes on the missing Malaysian airliner as lures.

Description of the scam techniques indicated near similarities to those reported by Websense.

One such file enticed netizens to use the site and once they did so, a backdoor would unload additional files.

It would also collect additional information such as the users' IP address.

This prompted Trend Micro in its statement to issue an advisory for users following developments on the missing Malaysian Airlines Flight MH 370 to access only reputable news sites, not social media links.



Sign up for Computerworld eNewsletters.