The FBI warned yesterday that hackers were using the lure of fake photos and video of a dead Osama bin Laden to spread malware to unsuspecting Internet users.
As the Obama administration weighed releasing photos of the dead bin Laden, the FBI said that fake versions of the photos were being used to spread malicious software which “can embed itself in computers and spread to users’ contact lists, thereby infecting the systems of associates, friends, and family members.” The viruses, the FBI warned, can be programmed to steal personally identifiable information.
“In the wake of large news events, it is common for malicious actors to take advantage of increased media attention by implementing associated ‘spear phishing’ attempts,” a separate advisory from National Cybersecurity & Communications Integration Center warned. “These emails will often contain embedded links or purport to include exclusive photos or videos, either found on suspicious websites, or included as attachments or links in emails.”
Here are the FBI’s recommendations:
The Internet Crime Complaint Center (IC3) urges computer users to not open unsolicited (spam) e-mails, including clicking links contained within those messages. Even if the sender is familiar, the public should exercise due diligence. Computer owners must ensure they have up-to-date firewall and anti-virus software running on their machines to detect and deflect malicious software.
The IC3 recommends the public do the following:
- Adjust the privacy settings on social networking sites you frequent to make it more difficult for people you know and do not know to post content to your page. Even a “friend” can unknowingly pass on multimedia that’s actually malicious software.
- Do not agree to download software to view videos. These applications can infect your computer.
- Read e-mails you receive carefully. Fraudulent messages often feature misspellings, poor grammar, and nonstandard English.
- Report e-mails you receive that purport to be from the FBI. Criminals often use the FBI’s name and seal to add legitimacy to their fraudulent schemes. In fact, the FBI does not send unsolicited e-mails to the public. Should you receive unsolicited messages that feature the FBI’s name, seal, or that reference a division or unit within the FBI or an individual employee, report it to the Internet Crime Complaint Center at www.ic3.gov.