As most people know by now, a large earthquake struck Nepal a few days ago causing massive amounts of damage and deaths in the thousands. After most large tragic events like this, unfortunately scammers come out of the dark corners of the internet to take advantage of the publics kindness in wanting to assist in situations like this. We’ve seen it many times and unfortunately with the Nepal earthquake, it’s no different.

We’ve been seeing a slow influx of messages mentioning the earthquake as an attention getter for normal spam. Things like diabetes medicine spam will have a quick news sentence at the top about the earthquake to get a users attention and then go on to try and sell whatever the original goal was. We’ve also seen customized 419 scam messages coming in claiming to be victims of the earthquake. The theme is similar to normal 419’s where they want you to help them with their large amounts of money, but specifically focused around recent events with the earthquake.

Screenshot from 2015-04-29 08:53:32

There have been some emails claiming to be part of relief funds that are just phishing for responses as well. Responding to messages like this opens up a can of worms allowing the attacker to focus on the user and try to convince them to send money somewhere. In a case like a large disaster, they may focus on using guilt to force a user in to sending money which can be a very effective method.

Screenshot from 2015-04-29 08:48:51

There was a small virus campaign that happened as well. It looks like the exe was having some issues though since it seemed to keep crashing shortly after starting. However I did see some keyboard hooking so it was most likely a small keylogger that would record keystrokes and send them off to a remote server.

Screenshot from 2015-04-29 08:56:27

 

 

It’s always unfortunate to see spammers and virus campaigns focus on taking advantage of peoples good will in wanting to help. We always see these types of things after world news worthy events and we will probably continue to see it. This doesn’t mean users should ignore any emails asking for support or help since there will be legitimate companies and organizations seeking support. But users should be mindful of emails pertaining to recent events since that can be a major focus in campaigns over the coming weeks. Researching charities or dealing with known companies on their public websites and avoiding unknown or unexpected attachments are good steps to make sure you aren’t getting scammed or running viruses.

 

3 Responses

Trackbacks/Pingbacks

  1. “We Need Your Support” Nepal Earthquake 419 Spam | Malwarebytes Unpacked
  2. Nepal earthquake scam: out for a duck… - The AVIEN Blog
  3. Homepage

Have a thought on this article? Share it here.