Subscribe to this blog

Scareware scammers exploit bogus rumours of Emma Watson's death

Published 11:10, 28 July 09

Tags: security

Subscribe to this blog

At the end of last week, a breaking news story began to spread across the message forums and social networks sharing details of how a popular young actress, adored by millions around the world, had died in a car crash.

Here's an example of the kind of story that was being seen, spread via links to third-party sites:

On July 24, 2009, Watson was en route to her mansion in Oxfordshire, England. Police footage captured her driving with speeds up to 80 miles per hour on very narrow roads. Oxfordshire paramedics received a 999 call at 12:22 p.m. (GMT), about an sportcar having crashed into a wall at a petrol station. At this point it was still unknown that the victim was indeed Emma Watson. Three minutes after the call got through, paramedics arrived at Watson's location. She was reportedly not breathing and the car was total loss. After 5 minutes the Oxfordshire Fire Department managed to get Watson out of her car. Resuscitation efforts continued en route to the Oxfordshire's Medical Center, and for an hour after arriving there at 1:45 p.m. (GMT). She was pronounced dead at 2:10 p.m. (GMT).

Fans of Emma Watson, who plays teenage wizard Hermione Granger in the Harry Potter films, posted their sadness and shocked disbelief at the story of how a car she was travelling in had crashed in the early hours of the morning. In their rush to spread the tragic "news", a lot of people forwarded or reposted the report, without checking a credible news site like BBC News Online first.

After all, with a story that big, there's a natural desire to want to share the story with your online friends as quickly as possible if you believe that they would be interested. And if you're a fan of Harry Potter you may well be friends with many other wizard-wannabees.

Hungry to know more, many of the teenage star's followers sought started to Google for more information and that's where the hackers swooped in.

Cybercriminals had, as ever, been quick to jump on the bandwagon. By following the latest Google Trends, hackers are able to stuff webpages with keywords and content, luring unwary surfers into visiting their dangerous websites.

This technique of jumping on the coat tails of a breaking news story (even a fake one, like the supposed death of Emma Watson) makes attacks much more timely, and increases the chances of hitting more victims. The hackers know that internet searches using phrases asking if Emma Watson has died are taking place right now rather than, say, in a couple of weeks time.

Unfortunately, if your search engine brings you to one of these recently-created webpages claiming to contain details of Emma Watson's death what you'll actually find is rogue anti-virus software (also known as scareware or rogueware), designed to scare you into making an unwise purchase.

The guys at Websense summarise the threat nicely on their blog.

Fake anti-virus products are one of the fastest growing threats on the internet, and attempt to frighten you into believing that your computer has a security problem and that you should purchase a solution from the very people who have tricked you. The latest Sophos research suggests that the problem has tripled in the last year.

So, next time you hear about a breaking news story, it might be wiser to visit an established news website like the BBC, CNN or Sydney Morning Herald, rather than using a search engine which might take you to a keyword-stuffed site harbouring malware.

Oh, and if you're still in any doubt, Emma Watson is very much alive.

Graham Cluley is senior technology consultant at Sophos, and has been working in the computer security field since the early 1990s. When he's not updating his other blog on the Sophos website you can find him on Twitter at @gcluley.