Fake Pope story is bait in unholy malware scam

A fake news story that claims to offer shocking information about newly-appointed Pope Francis is making the rounds via e-mail. Spammers are using the resignation of Benedict XVI and the election of a new pope as an opportunity to spread malware.

Clicking on the fake story leads users to a website that hosts the Blackhole Exploit Kit, according to reports from Yahoo! Finance, cyber-security companies Symantec and Commtouch and others. The Blackhole Exploit Kit can be used to deliver various types of malware.

The spam e-mails have reportedly come from a fake sender email address named “CNN Breaking News.” Reported subject lines in the e-mail include:
• Opinion: Family sued new Pope. Exclusive!
• Opinion: New pope tries to shake off the past
• Opinion: Can New-Pope Benedict be Sued for the Sex Abuse Cases?
• Opinion: New Pope, Vatican officials sued over alleged sexual abuse!
• Opinion: New Pope Sued For Not Wearing Seat Belt In Popemobile…

Better Business Bureau warns consumers not to click the link. If you receive this e-mail, delete it without clicking any links. If you have already clicked a link in a similar e-mail, run an antivirus software program to find and delete the malware.

BBB reminds consumers to be wary of any e-mails from unknown senders, or suspicious e-mails from people you know. Here are a few tips to help avoid malware, spyware and phishing (attempts to steal your personal information via email):

Never reply to an email that asks for personal information. Even if the e-mail appears to be from a trusted source, this may be a phishing attack, where someone is trying to illegitimately obtain your personal or financial information. Delete the e-mail immediately.

Do not click on any links from unfamiliar sources. This may be a phishing attack, where someone is trying to redirect you to a website that may infect your computer with malicious code. If you really want to check out a link sent to you by email, research the company or individual first to confirm they are trustworthy. If so, then manually retype the link into a secure web browser.

Keep anti-spyware, anti-virus and anti-spam software up to date. While consumers are ultimately responsible for keeping personal and financial information private, these technologies are designed to help keep phishing attacks at a minimum.

One Comment

Comments are closed.