24th April, 2025

Global news events often fire up cybercriminals to conduct malicious campaigns. Sadly the passing of Pope Francis on Monday was no different. Almost overnight, disinformation campaigns began to appear on social media platforms such as Instagram, TikTok, and Facebook, with the uploading of fake images generated by AI.
These campaigns were designed to capture user attention, prompting them to search for more information via search engines or click on links embedded within the images or posts. Once engaged, users were redirected to fraudulent websites that served various malicious purposes, from data theft to financial scams.
"Public interest and emotional reactions make these moments prime opportunities for cybercriminals, who thrive on chaos and curiosity, to strike," says Rafa Lopez, Security Engineer, Email Security at global cyber security solutions provider Check Point Software Technologies.
According to Lopez, the approach fits a broader behaviour pattern known as "cyber threat opportunism", where attackers exploit high-interest global events to spread malware or misinformation.
Research from Check Point and other similar organisations consistently highlights spikes in phishing and malware campaigns tied to major global events. During the COVID-19 pandemic, for example, Google reported over 18 million daily malware and phishing emails related to coronavirus scams.
"The best defense to these attempted scams is a combination of user awareness and layered security protection," Lopez adds.
Of hidden links, malware and SEO poisoning
In one example observed, a link was hidden in a website promoting potential fake news about Pope Francis. Once a user clicked on one of the links, it redirected them to a fake Google page promoting a gift card scam—a common tactic used to trick individuals into handing over sensitive information or making payments.
On other fraudulent websites, background commands are launched and executed without user interaction. This form of malware collects information such as the machine name, operating system, country, language, and more. The purpose is to gather detailed data on users to later launch highly targeted phishing campaigns or to sell this information on the Dark Web. Such data could include login credentials, financial details, or technical device specs.
"Another significant threat tied to these types of events is SEO poisoning (Search Engine Optimization poisoning). Here, cybercriminals pay to position their malicious sites among legitimate search results, deceiving users into thinking they're accessing trustworthy information," says Hendrik de Bruin, Head of Security Consulting, SADC of Check Point Software Technologies.
This method helps distribute malware, steal credentials, or hijack session cookies—ultimately monetizing the traffic generated through such sites. For instance, someone searching for updates on Pope Francis might unknowingly click on a malicious link ranked high in search results.
"This problem is exacerbated by the fact that many of these domains do not appear in reputation intelligence tools. The domains may have been recently registered or held dormant for months without showing any malicious behaviour, allowing them to bypass detection by most cybersecurity systems. Attackers are adept at using clean domains with no historical ties to malicious activity, making their campaigns harder to flag," he adds.
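The gap described above, where reputation tools have no verdict on freshly registered or long-dormant domains, can be narrowed by checking age signals directly. The following is an added example, not code from Check Point or the original article; the sample records, keyword list and thresholds are constructed assumptions.

```python
from datetime import date

# Constructed sample records: (domain, registration date, first date seen in our proxy logs).
SAMPLE_DOMAINS = [
    ("pope-francis-latest.example", date(2025, 4, 21), date(2025, 4, 22)),
    ("vatican-tribute-news.example", date(2024, 9, 2), date(2025, 4, 22)),
    ("established-news.example", date(2009, 5, 14), date(2019, 1, 3)),
    ("fresh-recipes.example", date(2025, 4, 18), date(2025, 4, 23)),
]

# Assumed values: lure terms maintained by an analyst for the current event,
# and thresholds chosen for illustration only.
EVENT_KEYWORDS = ("pope", "francis", "vatican")
NEW_DOMAIN_DAYS = 30   # registered this recently counts as "new"
FIRST_SEEN_DAYS = 7    # first appeared in our traffic this recently
DORMANT_DAYS = 90      # gap between registration and first traffic

def assess(domain, registered, first_seen, today):
    """Return the list of risk signals for one domain."""
    reasons = []
    age = (today - registered).days
    seen_for = (today - first_seen).days
    if age <= NEW_DOMAIN_DAYS:
        reasons.append("newly-registered")
    elif seen_for <= FIRST_SEEN_DAYS and (first_seen - registered).days >= DORMANT_DAYS:
        # Old registration, but it only just started receiving traffic.
        reasons.append("dormant-then-active")
    if any(k in domain.lower() for k in EVENT_KEYWORDS):
        reasons.append("event-keyword")
    return reasons

def triage(records, today):
    """Flag domains that combine an age signal with an event keyword."""
    flagged = {}
    for domain, registered, first_seen in records:
        reasons = assess(domain, registered, first_seen, today)
        if "event-keyword" in reasons and len(reasons) > 1:
            flagged[domain] = reasons
    return flagged

if __name__ == "__main__":
    for name, why in triage(SAMPLE_DOMAINS, date(2025, 4, 24)).items():
        print(name, why)
```

Requiring both signals keeps ordinary new sites and long-established news outlets out of the review queue, at the cost of missing lure domains whose names avoid the keyword list.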
How to Stay Safe – Security Tips:
Keep your browser and operating system updated to the latest versions. Security patches often fix vulnerabilities that attackers exploit.
Use browsing protection tools like Check Point Harmony Browse or other web security extensions that verify websites in real-time, blocking malicious links before they load.
Be cautious with sensational headlines or viral content, especially on social media. If the news seems shocking, cross-check it through reputable media outlets.
Don't click on links from unfamiliar sources, especially in emails or social posts related to breaking news. Instead, type official news website URLs directly into your browser.
Use threat intelligence services like VirusTotal or Check Point ThreatCloud to verify suspicious domains or files before engaging with them.
Consider advanced security software that includes phishing protection, malware detection, and threat intelligence updates to keep your devices secure.
"By following these steps, users can significantly reduce their risk of falling victim to disinformation campaigns or cyberattacks that capitalize on global events," De Bruin concludes.
Below are examples of the fake photographs and posts in circulation that spread fake news about Pope Francis and his recent death.
Example A: URL Link used to spread fake news about Pope Francis
Example B: Video screenshot from TikTok mentioning that the death is a hoax. Currently circulating.
Example C: Image extracted from thousands of Instagram posts, generated with AI, containing various links to fraudulent websites.
Example D: Fake image generated by AI, initially distributed in February 2025, now resurfacing on different websites and social media posts linking to supposed news sites.