New Zealand’s government has issued a warning that a number of online scammers are using the Christchurch tragedy that occurred last Friday (March.15th) as an opportunity to target well-wishers and charity donors, according to a new report.
CERT NZ, the incident response and cybersecurity branch of the central government, has advised people on what to look out for, as cybercriminals look to exploit the incident that saw almost 50 people lose their lives.
Phishing emails and malicious video files
CERT NZ said that cyber attackers are sending phishing emails that contain links to fake online banking logins that are disguised as legitimate donation pages.
In their report, CERT NZ also notes that attackers are distributing malicious video files through compromised sites or on social media.
“A video file containing footage related to the attack had malware embedded in it and this malicious file is being shared online,” researchers said.
Cybercriminals are reportedly defacing New Zealand websites to spread political messages about the Christchurch tragedy, while other websites have been threatened with denial-of-service (DoS) attacks that force them offline.
Anyone wishing to donate towards victims families is advised to contact the official platform directly, rather than clicking on links in emails or on social media.
CERT NZ also advised anyone who has received phishing emails or has found a website hosting political messages to contact them.
More than NZ$8m (US$5.5m/£4.1m) was raised from more than 100,000 contributors through donation pages on crowdfunding platforms like Givealittle and LaunchGood.
“Unfortunately, cybercriminals and other fraudsters willingly exploit dramatic events to drive high profits to their pockets,” said Ilia Kolochenko, CEO of High-Tech-Bridge.
“Usually, people are very sensitive and emotional about such events and thus will react will less precaution and care. High click-rate, even from experienced users, is low-hanging fruit for the attackers. Worse, they may speculate on the feelings by offering something exclusive or pretending to tell “the truth” about the event. Less intrusive, but similarly unscrupulous profiteers create fake donation websites and collect money from unwitting citizens.
“If you receive a message, email or even a phone call, ascertain that the person or organisation behind it is real and has a legitimate basis to undertake the activity. Report any suspicious cases to your local CERT or police.”