Criminals Exploit the Death of Pope Francis to Launch Scams

Extent of Social Engineering Scammers are exploiting the death of Pope Francis to launch social engineering attacks, according to researchers at Check Point.

The researchers note that threat actors often take advantage of high-profile tragedies and crises to exploit victims’ emotions.

“They typically begin with disinformation campaigns on social media platforms like Instagram, TikTok, or Facebook, uploading fake images generated by AI,” the researchers write.

“These campaigns are designed to capture user attention, prompting them to search for more information via search engines or click on links embedded within the images or posts. Once engaged, users may be redirected to fraudulent websites that serve various malicious purposes, from data theft to financial scams.”

In this case, the crooks are using AI-generated images of the Pope to grab users’ attention and trick them into visiting a malicious website.

“The link was hidden in a website promoting potential fake news about Pope Francis,” the researchers write. “Once a user clicked on one of the links, it redirected them to a fake Google page promoting a gift card scam—a common tactic used to trick individuals into handing over sensitive information or making payments.”

Check Point concludes that users should follow security best practices and maintain a healthy sense of suspicion to avoid falling for these attacks.

“Be cautious with sensational headlines or viral content, especially on social media,” Check Point writes. “If the news seems shocking, cross-check it through reputable media outlets.” The researchers add, “Don’t click on links from unfamiliar sources, especially in emails or social posts related to breaking news. Instead, type official news website URLs directly into your browser.”

New-school security awareness training can give your organization an essential layer of defense against social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Check Point has the story.

Don’t get hacked by social media phishing attacks!

Many of your users are active on Facebook, LinkedIn, and Twitter. Cybercriminals use these platforms to scrape profile information of your users and organization to create targeted spear phishing campaigns in an attempt to hijack accounts, damage your organization's reputation, or gain access to your network.

KnowBe4’s Social Media Phishing Test is a complimentary IT security tool that helps you identify which users in your organization are vulnerable to these types of phishing attacks that could put your users and organization at risk.

Here's how the Social Media Phishing Test works: