Cybercriminals are exploiting the death of Pope Francis to spread disinformation and carry out malicious cyber campaigns on social media platforms like Instagram, TikTok, and Facebook.
Using AI-generated images and sensational content, attackers are tricking users into clicking on links embedded within posts or seeking more information through search engines about the Pope’s death, according to cybersecurity firm Check Point Software Technologies.
Once users engage, they are redirected to fraudulent websites that serve a range of malicious purposes, from data theft to financial scams. The cybersecurity platform noted that global news events often motivate cybercriminals to conduct malicious campaigns, and the Pope, who died on Monday, is no different.
“Public interest and emotional reactions make these moments prime opportunities for cybercriminals, who thrive on chaos and curiosity, to strike,” said Rafa Lopez, Security Engineer, Email Security at global cybersecurity solutions provider Check Point Software Technologies.
According to Lopez, this tactic reflects a wider pattern known as cyber threat opportunism, where attackers exploit high-interest global events to spread malware or misinformation.
Check Point noted that during global events, such as the COVID-19 pandemic, when Google reported over 18 million daily malware and phishing emails related to the virus, there is often a significant spike in cyberattacks.
Read also: How financial illiteracy fuels rising fraud losses
Check Point cited that in one example, a website falsely reporting the Pope’s death included hidden links that redirected users to a fake Google page promoting a gift card scam. This common tactic is designed to deceive individuals into handing over sensitive information or making fraudulent payments.
Some other malicious websites also launch background scripts without the user’s knowledge. These scripts gather detailed information such as device name, operating system, location, and language preferences. This data is then used for highly targeted phishing campaigns or sold on the Dark Web.
“Another significant threat tied to these types of events is SEO poisoning (Search Engine Optimisation poisoning). Here, cybercriminals pay to position their malicious sites among legitimate search results, deceiving users into thinking they’re accessing trustworthy information,” said Hendrik de Bruin, Head of Security Consulting, SADC of Check Point Software Technologies.
According to Lopez, the best defence against these attempted scams involves user awareness and layered security protection.
Other safety tips include keeping browsers and operating systems updated, using secure browsing tools and antivirus software, avoiding links in sensational headlines or from unfamiliar sources, and verifying information through trusted news platforms.
“By following these steps, users can significantly reduce their risk of falling victim to disinformation campaigns or cyberattacks that capitalise on global events,” added De Bruin.
