Scammers use generative AI to create fraudulent obituaries
Victims of fake obituaries may have personal information stolen or become infected with adware.
Security researchers at Secureworks’ Counter Threat Unit (CTU) have discovered a new tool in the hands of scammers: fake obituaries written by generative artificial intelligence.
The CTU has seen multiple examples of scammers creating fake obituaries, usually in the wake of a death that has caused many people to turn to Google to search for information about the deceased.
Scammers then use SEO poisoning to make their scam page rank higher in searches. When victims visit the page, which appears legitimate, they are pressured to install adware and other unwanted programs or become trapped in clickbait revenue-generating schemes.
“CTU analysis of an obituary from February 2024 suggests that generative artificial intelligence (AI) technology was used to create a lengthy tribute based on facts extracted from a shorter text posted on a social media account,” noted the CTU.
“The obituary appeared on six sites within 48 hours of the death, each version using slightly different verbiage but all containing the same details shared in the original social media post. “The use of AI by ‘obituary hackers’ has mixed results, with some ads containing obvious errors, inaccuracies or fabrications.”
However, there are several domains that host this content. They redirect visitors to “adult entertainment sites” or display CAPTCHA challenges which, in turn, install pop-up ads or push notifications. False virus warnings are also common, coming from products such as Windows Defender or McAfee, which lead visitors, in turn, to the real landing pages of these products.
In reality, an affiliate ID in the link rewards scammers for each subscription purchased this way.
So far, while CTU researchers have found no evidence that these scammers are using their fake sites to spread malware, there’s not much stopping them from making that evolution either.
“Financially motivated threat groups, such as GOLD ZODIAC, successfully employ SEO manipulation to direct victims to infected WordPress sites that distribute GootLoader malware,” the CTU said.
As always, according to the CTU, the best defense against these types of scams is education. Employees and individuals should stay up to date on the latest tricks scammers employ.
And if you get caught, let the folks at the National Ant Scam Center know.