Security experts are warning that some cyber-criminals are seeking to exploit public excitement ahead of the royal wedding on 29 April, unleashing an array of malware campaigns including phishing and spam emails.
Security firm Symantec has uncovered a number of scam email campaigns offering royal wedding memorabilia, including a replica of Princess Diana’s engagement ring, limited edition Buckingham Mint commemorative coins, and customisable mugs and t-shirts. Links in the emails redirect the user to a spam product site.
Furthermore, Symantec warns that black hat SEO techniques are being used in “fake” pages to lure people looking for news related to the royal wedding. At one point, a search for “william and kate movie imdb” returned 61 malicious links in the first 100 search results, the security firm said.
Other search terms currently returning poisoned links include “william and kate movie cast”, “royal wedding guest list bush”, and “princess diana death facts”.
“We have seen over 500 compromised sites being used in this campaign over the past few days,” said Symantec’s Suyog Sainkar in a blog post. “Attackers create multiple fake pages on each site and use unethical SEO techniques – such as keyword stuffing, cloaking, and link farming – to ‘game’ the search engine algorithms to achieve high search engine rankings.”
“Everyone loves a good wedding and it appears hackers are no different,” said Imperva’s CTO Amichai Shulman. “While we’re not surprised by the results it is worrying that criminals are systematically jumping on every opportunity to illegally make money by identifying, and utilising, revenue generating opportunities that utilise stolen credentials or inject malware.”
“The royal wedding is another reminder that organisations need to be vigilant to hosting phishing sites and act promptly to take them down if non-security savvy individuals are to be protected,” he added.
Imperva advises Internet users to ensure their computer’s security software is up to date and refrain from responding to emails from people they don’t know offering leaked information or sharing secrets from someone “close to the happy couple”.
Email scammers are increasingly using such high-profile events to target victims. Previous phishing scams have addressed news items such as the volcanic ash cloud and the Haiti earthquake – where phishers got four million downloads in ten days – and the launch of the iPad.
Earlier this year security services firm Webroot warned that UK citizens in a hurry to get their tax returns in before the final deadline were in danger of falling for email phishing scams, which await these vulnerable users.
Although most people are wise to such scams, enough still succumb to make it worth the villains’ while, said Greg Day, director of security strategy for McAfee in EMEA, speaking to eWEEK Europe last year.
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…