Dec. 25, 2012 — -- intro:
What happened in Newtown, Conn., was horrific. What follows is often despicable --namely deviants and con artists targeting both victims and rescuers. Cyveillance, an internet security firm, has been tracking threatening web traffic following disasters --both natural and manmade-- for a couple of years now. The company works to protect many of the firms in the Fortune 50 and wanted to share some of its normally expensive knowledge with the rest of us as a public service.
Immediately following the Newtown shootings, Cyveillance executives directed their team to run what they call a "threat analysis" on the victims and their families. Scouring websites and social media, they found examples of an unhealthy fascination with other people's misfortune. They also ran shooter Adam Lanza's name and found un-funny web traffic such as a Facebook page called "R.I.P. Adam Lanza" that listed "Awards" on the About page for a "killing spree" and "headshot(s)."
In a blog post, Cyveillance said, "Regrettably, in addition to working through the grief, uncertainty and pain of an event, victims, their families and others must protect themselves and become far more aware of their physical security and cyber security in a post-incident environment." Here, then, are the top five web threats Cyveillance says it has observed following tragedies. The company suggests that being aware of them is the first step in protecting ourselves.
quicklist: title: Fraudulent Linkstext: Cyveillance often finds fraudulent links embedded in emails, websites, social media, and text-messages following a disaster. They may have lurid or alluring tag lines like "Click here for exclusive photos from inside the school." Curiosity seekers who click will often unwittingly download malware that can disrupt their computer or give crooks access to sensitive personal information.
quicklist: title: Fake Fundraising text: I've preached in the past about the risk of giving to a fake charity in the days after a disaster. Cyveillance goes further, charting out new ways that it's done. The latest? Twitter and Facebook pages that claim to be posted in memory of a victim and solicit money.
quicklist: title: Identity Thefttext:
A common identity theft tactic is to use the Social Security numbers of the dead. Bad guys can easily trawl the obituary pages to get this information, but in a mass, highly publicized death the risk is even greater because, unfortunately, the victims are suddenly famous for their tragic end. Plus, often victims' ages, relatives, and towns are named in news coverage, giving crooks more of the pieces of the puzzle that they need.
quicklist: title: Spear-Phishingtext: You've heard of the "phishing" scam where con artists blindly blast out millions of emails to random people claiming to be with their bank and asking for their account information. Spear phishing --as the name implies-- is more targeted. Thieves go after people who are known to have money and use more specific schemes to get to them, such as a fake email claiming to be from the CEO of their company. Since Newtown is an affluent area, residents there could be particularly at risk.
quicklist: title: Copycatstext:
Finally, and perhaps most chillingly, Cyveillance often sees copycat posts after a disaster. In other words, unstable people may go to online forums and express their admiration for the killer. These upsetting messages pop up right away, but can also fester. For example, Virginia Tech shooter Seung-Hui Cho was reportedly transfixed by the Columbine shootings that took place when he was in 8th grade, and wrote about wanting to "repeat Columbine" in a school assignment, but didn't follow through until his senior year in college.