12 Celebrity Death Phishing Attacks

These phishers appear to be capitalizing on both Michael Jackson's death and the social networking phenomenon. In this Michael Jackson phishing attack, sent by researchers at Symantec, hackers spoof a user's social networking profile, and attempt to download malicious code to the contact list by enticing users to click on a malicious link. The upshot? Be cautious about opening suspicious links, especially those exploiting a celebrity death -- no matter how convincing is the message.

Hackers have convincingly created a site (left), contributed by Symantec, which appears to be from a legitimate news organization, which depicts reports of Michael Jackson's death in an attempt to lead victims to a malicious link. The message, which is written in Spanish, purports to offer the latest news of the celebrity singer's death, along with the latest unpublished photos. All users have to do is click on a URL, right? Hackers have consistently launched attacks that exploit the curiosity about high profile news events, and people's fascination with celebrities -- and this one is no different. Meanwhile, don't click the URL -- it's bound to distribute malicious code, instead of the latest images of Michael Jackson.

In this phishing attack, sent by Symantec, spammers send out content related to Michael Jackson's death, along with an embedded .jpg link that leads to a malicious binary file. The Spanish translation is "in all the papers, the death was the result of/caused by drug use!" While seemingly simple, this attack reflects a trend of surprisingly effective minimalism, in which attackers send a one-sentence e-mail message along with an infected link.

In this attack, sent by Symantec, a spammer pretends to be a Michael Jackson concert ticket officer based in London, and sends out a message that requests the recipient's personal identifying information in order to receive ticket reimbursement. Of course, the spammer most likely offered to provide the victims with a full-reimbursement directly deposited into their bank accounts. The spotty grammar is a dead giveaway. Meanwhile, users should be aware of the fact that they rarely gets their money back without a lot of bureaucratic red tape.

Phishers are exploiting user's curiosity about celebrity deaths and high profile events by spoofing legitimate looking news sites like CNN. And they're creations are increasingly becoming more and more convincing.



In this attack, contributed by Symantec, users who click on the line will be redirected to the page that prompts them to download and run a file on a fake Flash Player, which, in fact, installs malicious code on their computers.

This mass-mailing worm, provided by Symantec, lures users with the news of Michael Jackson's death. The worm sends out spam e-mails with the subject "Remembering Michael Jackson" along with an attachment called "Michael Songs and Pictures." The zip files also contain another file called "MichaelJacksonsongsandpictures.doc.exe," a copy of the worm that is executed on the user's machine when the file is opened. The worm, detected as "W32Ackantta.F@mm, spreads through e-mail, as well as removable drives using Autorun function.

This attack image, provided by Sophos, appeals to the conspiracy theorists. Conspiracies are often much more enticing than actual events -- although not always. But in this case, the hackers exploit users' morbid curiosities by promising a glimpse of Michael Jackson's killer's photos and secret details (of course, if it's a mass e-mail it probably isn't so secret). But don't click on the link. Instead of photos and information, this link will inevitably lead users' computers to a dose of malware -- likely of the information stealing variety.

Bad grammar and awkward phasing aside, this e-mail, which claims to come from [email protected], says that the attached ZIP file contains secret songs and photos of Michael Jackson. In reality, opening the attachment only exposes users to infection. And once computers are hit they spread the worm onto other Internet users. Besides spreading via email, the malware is also capable of spreading as an Autorun component on USB memory sticks (an increasingly common trend for malware as use of these devices has become more and more popular).

This message was one of the first in the subsequent waves of spam sent with the breaking news Michael Jackson's death. Like any phishing attack, the hackers are ultimately attempting to harvest victims' e-mail addresses. In this kind of spam message, the spammer claims she/he has vital information about the death of Michael Jackson to share with the recipient. Between the horrendous grammar and bogus e-mail address, users can discern pretty quickly that this message is a spam attack. The body of the spam message does not contain any call-to-action link such as a malicious URL, e-mail address, or phone number. But, the spammers have access to the victim's email address if they reply to the message, which they could use to infiltrate contact lists and social networking sites.

Michael Jackson's wasn't the only celebrity death to be exploited by hackers. Popular search results for news about the death of actor Patrick Swayze included a link to a Web page urging visitors to download malware disguised as anti-virus software, promising to scan the user's system for, ironically, malware. The malware then conducts a fake scan of the computer. Upon allegedly finding malware, the software instructs users to purchase the bogus anti-virus product to eliminate viruses which don't really exist. In return for their credit card numbers, users will get bogus software at best, malware at worst.

From the maelstrom of phishing attacks exploiting actual celebrity deaths come attacks that exploit rumors of celebrity deaths -- whether they're true or not. In this case, the attack, submitted by researchers at Sophos, circulates a false rumor that Emma Watson, who played Hermione Granger in the Harry Potter movies, was killed in a drunken car crash. Hackers behind the hoax are clearly exploiting Emma Watson's celebrity status in an attempt to "be the first" to "break the news of her death." Upon close inspection, the news report hardly seems plausible as it is full of grammatical errors and awkward phrasing. Meanwhile, Watson is not the first movie star to be a victim of a bogus news story. Shortly following Jackson's death, phishing attacks have also circulated a rumor that Jeff Goldblum had fallen to his death while filming.

Immediately following the death Michael Jackson, spammers began exploiting people's sense of loss by requesting donations to a bogus foundation in Jackson's name, the "Michael Jackson Foundation." However, for almost anyone who can read/understand English, this solicitation is clearly a hoax. Grammatically incorrect sentences and broken English are the first giveaway. Nonetheless, if these scams didn't work, the hackers would inevitably change their tactics (or take a crash course in English Grammar 101).