Cybercriminals Don't Take Anything Seriously: Avoid 9/11 Anniversary Scams




United Airlines Flight 175 crashes into the south tower of the World Trade Center complex in New York City during the September 11 attacks. Credit: UpstateNYer

The 10-year anniversary of Sept. 11 arrives in a world infinitely more connected than it was in 2001. The channels through which we communicate nearly instantaneously now, namely Facebook and Twitter, have become invaluable tools for people around the world to share their stories and memories of that fateful day.

For online criminals, however, Sept. 11, 2011, is momentous for another reason: it's a time when the nation will be glued to the Web. For soulless scammers, this means the pool of potential victims will not only be gigantic, but filled with people whose sympathies and patriotism will be high and whose guard will, naturally, be down.


"Do online scammers ever respect the sanctity of an event? Absolutely not," Jonathan Gossels, president and CEO of the Massachusetts-based security firm SystemExperts, told SecurityNewsDaily. "I don't think anybody in the hacking community is predisposed to honor victims of September 11."

"Cybercriminals don't take anything seriously," added Michael Chen, product-marketing manager for the security firm PC Tools. "Nothing is off- limits."

With that in mind, here are some tips to help you recognize — and avoid falling victim to — the multitude of scams that are sure to overwhelm the Web this 9/11.

Poisoned pics and viral videos

When 9/11 mastermind Osama bin Laden was finally killed on May 2, it took just minutes for cybercriminals to spring into action with a heap of new scams, many of them claiming to have "exclusive" or "unseen" pictures and video of the tactical strike that ended bin Laden's life.

Those pictures and videos, of course, were fake; clicking on them compromised users in a number of ways, leading victims to corrupted Adobe Flash Player plugins or compromised pictures that had been rigged to show up in search results — a tactic called SEO poisoning.

Ondrej Krehel, chief security officer for the Arizona-based security company Identity Theft 911, expects the 10th anniversary of 9/11 will be no different. "Hackers will continue luring consumers to the secret images and videos related to bin Laden and 9/11," Krehel told SecurityNewsDaily.

How can you recognize when a scam is starting?

If your computer prompts you to download a plugin or any other software to view a photo or video, this is a huge red flag, Gossels said.

As a rule of thumb, "everything you need to view content is already on your computer," Gossels told SecurityNewsDaily. "If a site says you need to install something, it's most likely a lie."

'Friends' can be enemies

In addition to the technological tricks cybercriminals have at their disposal, they will also deploy social engineering scams to prey on people's emotions.

The implicit trust built into social networking sites can be problematic, Gossels said. He urges people to be suspicious of any links or messages, even if they appear to come from a trusted contact.

"Friends and family members are not security experts," Gossels told SecurityNewsDaily. If a friend's Facebook profile is hijacked, that friend becomes "one step removed from a cybercriminal."

To avoid falling victim to a social engineering attack, Krehel said, "Stay aware, and think twice before clicking on links from friends. Hackers can impersonate anyone, and social engineering is one of the most successful attacks."

Where is your donation money really going?

It's only natural that organizations that support victims of a tragic event would set up websites to handle donations to their cause. This happened after the March 11 earthquake and tsunami that devastated Japan, and after Sept. 11, 2001.

If you receive an email from any organization requesting money, however, take caution, as this is a route of attack often favored by Internet crooks.

"Be suspicious of any unsolicited emails that ask for financial assistance," Gossels said. "Legit charities will not be reaching out to you online in unsolicited emails."

Fortify the castle

Advice can only go so far. No matter how safe you are, how suspicious, the bottom line is that you need to support your best practices with strong and varied defenses on your system.

"Have your computer ready for full Internet experience," Chen said. "Keep it updated with the latest browser and security patches and make sure your security suites are updated properly."

Gossels called this practice "defense in depth," a multi-pronged approach to security involving not just user awareness but anti-malware and anti-virus programs, firewalls, and anti-adware and anti-spyware programs.

Once you've updated your Web browser and your operating system and made sure you're running up-to-date anti-virus software, the rest, Gossels said, is up to you.

"If you're not using your head," he said, "you're going to be vulnerable."