There have been reports of opportunistic online scams and attacks after the terrorist attack in Christchurch last week. The vector used are online donation fraud, malicious video files, defacement of NZ websites, and website disruption.
The scammers and attackers use the following:
- Phishing emails containing links to fake online banking logins, as well as fraudulent bank accounts where people can make donations for the victims of the Christchurch tragedy.
- A phishing email is an email which is sent to a wide range of people in the hope that a few will follow the instruction to make the exercise worthy of the effort. They usually contain links to website containing malicious content
- Sharing malicious video files on compromised websites or on social media. A shared on-line video file containing footage related to the attack can have malware embedded in it.
- Some attackers are changing New Zealand websites to spread political messages about the Christchurch tragedy
- Some New Zealand websites are receiving threats of denial-of-service attacks, which would take them offline.
There are official channels to donate money, please use them should you wish to make a donation.
What to do
If you receive a phishing email or have found a website hosting political messages, report it to CERT NZ.
If your website has been taken over with political content relating to the tragic events in Christchurch, report it to CERT NZ.
CERT NZ recommend you consent to share your report with the NZ Police.
This is not something new: online scams and attacks frequently use disasters and tragedies as opportunities for “business”
If any of the terminology used is confusing you, feel free to comment and I will make the confusing part the subject of a subsequent posting.