AI Obituary Scams, a Cyber Risk to Businesses
AI obituary scams represent a burgeoning cyber risk targeting both individuals and businesses. Perpetrators employ rudimentary devices to swiftly generate fake obituaries for recently deceased individuals, often infecting the gadgets of grieving relatives. These fraudulent obituaries spread rapidly, exploiting the immediacy of information dissemination in today’s digital age. Tony Adams, a senior security researcher, stumbled upon this scheme following the death of a colleague. Scammers will monitor Google search trends to identify potential targets, then deploy chatbots to craft false obituaries using publicly available details about the deceased. These fabricated obituaries are disseminated across fake funeral and memorial websites, luring unsuspecting visitors into clicking on spam sites and encountering fraudulent virus alerts. Notably, scammers aim to profit by promoting cyber security solutions like McAfee, earning commissions through embedded affiliate IDs. While initially targeting individuals, these scams have also ensnared corporate employees, highlighting the broader threat to businesses. However, recent efforts by Google to combat spammy search results, including obituary frauds, offer some hope in mitigating the impact of such schemes. Despite these countermeasures, the evolving nature of AI driven scams necessitates ongoing vigilance and adaptation from both individuals and organisations.
This article highlights how quickly these fake obituaries can be written and spread, as well as the possibility that more sophisticated attackers will utilize the same strategy to cause cyber-risk more severe effects for victims.
Duping Mourners
Tony Adams, a senior security researcher at Secureworks, first became aware of the false obit fraud after a colleague died late last month. He explained, “My involvement began when I was seeking details about the death, and among the information circulating within a friend group was a funeral notice that turned out to be one of these false obituaries.” It’s a frequent occurrence, especially given how quickly information travels. People know of the deaths of family, friends, and acquaintances several days before an official obituary is published. “There will be a period of search activity but no obituary yet. And scammers have discovered a method to render that information useless through SEO manipulation,” Adams argues. It starts with scammers monitoring Google search trends to uncover possible interest in someone’s obituary. Then, in the hours following the death, chatbots are used to swiftly write false obituaries based on publicly accessible information about the deceased, which are then distributed across several fake funeral and memorial websites. Regarding Adams’ coworker, six ostensibly unrelated websites ran somewhat different obits, all citing the same handful of particulars lifted from an athletics-themed Facebook group he belonged to.
After Death Consequences
Anyone who visited these sites was sent to more spam sites and provided with CAPTCHAs, which, when clicked, resulted in pop-up notifications with fraudulent virus alarms. Interestingly, the goal was to get victims to subscribe to cyber security solutions such as McAfee, after which the threat actor would collect a commission via an affiliate ID embedded in the malicious URL. The same procedures can be used to propagate malware and claim targets other than the individual in pain. Adams expressed his surprise as he delved into tackling this issue, noting the significant number of individuals from corporate backgrounds accessing these fraudulent obituary sites. He observed a scenario where multiple employees from a single organization engaged with these sites following the passing of a coworker. Despite the absence of malware deployment in this instance, Adams cautioned that more seasoned individuals with alternative motives could easily adopt a similar scheme.
Cyber Risk: What Google’s Doing to Help
To increase their profits, scammers would include in their fake obituaries, key keywords, driving them swiftly up the Google search rankings. This, however, may be more difficult to achieve given it was even a month ago. On March 5, Google announced updates targeted at removing low-quality spammy search results, explicitly mentioning obituary frauds. Although lacking specific details, the company expressed its anticipation that the combination of this update and previous efforts will lead to a collective reduction of low-quality, unoriginal content in search results by 40%. Adams remarked, “If you were to search for my acquaintance’s obituary on Google at this moment, you wouldn’t find the same results as you did during the initial hours when he was investigating this matter.”
CTA
Tune in to Cyber News Live for real-time updates and expert analysis on cyber risk in the digital era.
