author photo
By Bruce Sussman
Mon | Mar 18, 2019 | 11:43 AM PDT

Here are two phishing examples that show how low hackers will go.

Cybercriminals are trying to make money off the New Zealand mass shooting that killed dozens of people.

And hackers are using the Ethiopian Airlines crash that killed 157 people, and fears over the grounded Boeing 737 Max 8, in a phishing campaign.

Phishing on fears over Boeing's 737 Max 8 crash

The 360 Threat Intelligence Center shared the following 2019 phishing email hackers have been sending, with the subject line, "Airlines plane crash, Boeing 737 Max 8."

boeing-737-crash-phishing-example

And according to @360TIC, the letter carries a cybersecurity busting payload:

boeing-737-crash-phishing-payload

Here is the Virus Total analysis of this phishing email's contents.

Cybercriminals trying to make money from mass shooting

And if a cyberattack built on the back of plane crash victims isn't low enough, how about trying to scam people who want to help victims of a mass shooting?

That's exactly what's happening following the New Zealand mosque shootings that killed at least 50 people in March 2019.

The world wants to help, and cybercriminals want to help themselves.

Cyber bad actors are spoofing Westpac, which is one of Australia’s four major banking organizations and one of the largest banks in New Zealand.

The email scam is asking for donations to help victims of the shooting, but a bank spokesperson told New Zealand's 1 News Now:

"These emails are NOT from Westpac and we advise anyone who receives one to forward it to phishing@westpac.co.nz. If you hover over the link you'll see it goes to a scam site called mothersawakening. The account number they supply is NOT the correct account for donations."

At last count, more than $5 million has been donated to a fund for New Zealand shooting victims, but it is unclear how much money the shooting email scam may have siphoned from that legitimate effort to help.

These are two excellent (and terrible) security awareness examples worth sharing with those you know or work with.

Because this is how low cybercriminals will go.

Comments