Opportunistic actors are seeking to turn a quick profit from the tragic events last week in Christchurch, New Zealand, by engaging in online scams or by spreading malware embedded in content related to the gruesome attack.
Almost 50 people lost their lives in the Christchurch shooting, prompting nation-wide support for those affected. More than NZ$8 million (US $5.5 million) were raised from more than 100,000 contributors through donation pages set up on Givealittle and LaunchGood crowdfunding platforms.
Celebrities like Madonna, Ben Stiller, Chris Rock, and Ashton Kutcher also helped the cause on other a GoFundMe page set up by Guy Oseary, Madonna’s and U2’s manager, who donated US $18,000. Rugby player Sonny Bill Williams partnered with non-profit MATW Project to raise funds for the victims.
Phishing emails with fake donation accounts
The Computer Emergency Response Team (CERT) in New Zealand received reports that scammers use the tragic incident as a theme for phishing emails with fake online banking login links and fraudulent bank accounts to donate to those affected by the Christchurch events.
Westpac New Zealand bank also issued a scam alert about emails pretending to be from the organization and requesting donations for the victims of the Christchurch attacks.
The messages have the Westpac logo but have a link to a page on the Mothers Awakening website. The phishing page is currently marked as deceptive in both Google Chrome and Mozilla Firefox.
Furthermore, the emails provide a fraudulent account number for donations and notify donors that they will not receive a receipt for their contribution, which would help them their charity tax refund.
Malware, defacement, and DoS threats
In a public service announcement on Monday, CERT NZ also notes that attackers also spread malicious video content through compromised websites or on social media.
“A video file containing footage related to the attack had malware embedded in it and this malicious file is being shared online,” warns the cybersecurity body.
The mass shooting was live-streamed on Facebook and the video spread to other social media platforms and forums, triggering a reaction from major internet providers in the country to block the websites that distributed the content until it was removed.
There are reports that some New Zealand websites were defaced to distribute political messages about the Christchurch mass shooting, while others received threats that they would be taken offline via denial-of-service (DoS) attacks.
CERT NZ recommends those that want to donate money to use official platforms and banks, and avoid links received by email or on social media.
To read the original article: https://www.bleepingcomputer.com/news/security/fraud-cyber-attacks-and-phishing-follow-christchurch-attack/