New Jersey Regional Operations Intelligence Center (NJ ROIC) Intelligence & Analysis Threat Unit
- 2 pages
- For Official Use Only
- April 18, 2013
(U//FOUO) Websites and emails referencing the Boston Marathon bombing should be viewed with caution, as malicious actors are using the incident to disseminate malware and conduct fraud. While other agencies investigate the frauds, the NJ ROIC provides this information for situational awareness.
Tactics, Techniques & Procedures
(U//FOUO) Cyber security experts have identified multiple fake websites and charity efforts taking advantage of the Boston Marathon bombing. Based on previous incidents, more scams will follow.
- Within hours of the bombings, actors with unknown intentions registered more than 125 domain names using a combination of “Boston,” “Marathon,” “2013,” “bomb,” “explosions,” “attack,” “victims,” and “donate”; these domains should be viewed with caution. More domains are likely to follow.
- Malicious actors are using social networking sites to spread hoaxes, including information regarding the purported death of several child runners (children are not allowed to participate in the Boston Marathon), and injured runners purportedly running for a variety of charities and causes.
- Phishing emails may provide links to malicious websites purporting to contain information, pictures, and video, or may contain attachments with embedded malware. Clicking on the links or opening the attachments can infect the victim’s computer to further malicious activity.
- Multiple fake charities were created on social networking websites within minutes of the explosions, purporting to collect funds for victims. Traditionally, these websites are scams.
Internet users should conduct due diligence before clicking links, visiting sites, or making donations.
- Be cautious of emails/websites that claim to provide information because they may contain viruses.
- Do not open unsolicited emails, or click on the links/attachments contained in those messages.
- Never reveal personal or financial information in email.
- Do not go to unfamiliar websites to view the event or information regarding it.
- Never send sensitive information over the Internet before checking a site’s security and confirming its legitimacy. Malicious websites often look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
- Search email systems for the subject lines noted above and delete the matching messages from inboxes.
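
The keyword-combination domains and the lookalike URLs (spelling variation or different top-level domain) described above can be screened for in a list of domains taken from proxy or DNS logs. This is an added example, not part of the original bulletin; the allowlist entry, sample domains, thresholds and function names are constructed assumptions.

```python
from difflib import SequenceMatcher

# Keywords listed in the bulletin, lower-cased.
KEYWORDS = ("boston", "marathon", "2013", "bomb", "explosions",
            "attack", "victims", "donate")
# Assumption: constructed allowlist of sites the organization trusts.
KNOWN_GOOD = ("example-relief.org",)
# Constructed sample input, e.g. hosts pulled from proxy or DNS logs.
SAMPLE = ["boston-victims-donate.example", "example-relief.net",
          "examp1e-relief.org", "example-relief.org", "weather.example"]

def split_domain(domain):
    """Naive split into (name, tld); ignores multi-part suffixes like co.uk."""
    labels = domain.strip().lower().rstrip(".").split(".")
    if len(labels) < 2:
        return labels[0], ""
    return labels[-2], labels[-1]

def keyword_hits(domain):
    """Bulletin keywords that appear in the registered name."""
    name, _ = split_domain(domain)
    return [k for k in KEYWORDS if k in name]

def lookalike_of(domain, threshold=0.85):
    """Return (trusted_domain, reason) if domain imitates an allowlisted one."""
    name, tld = split_domain(domain)
    for good in KNOWN_GOOD:
        g_name, g_tld = split_domain(good)
        if (name, tld) == (g_name, g_tld):
            return None                      # exact match: the real site
        if name == g_name:
            return good, "different TLD"     # e.g. .org vs .net
        if SequenceMatcher(None, name, g_name).ratio() >= threshold:
            return good, "spelling variation"
    return None

def triage(domains, min_keywords=2):
    """Map each suspicious domain to the reasons it was flagged."""
    findings = {}
    for d in domains:
        reasons = []
        hits = keyword_hits(d)
        if len(hits) >= min_keywords:        # a combination, not a lone word
            reasons.append("keywords: " + ",".join(hits))
        match = lookalike_of(d)
        if match:
            reasons.append(f"{match[1]} of {match[0]}")
        if reasons:
            findings[d] = reasons
    return findings

if __name__ == "__main__":
    for domain, why in triage(SAMPLE).items():
        print(domain, "->", "; ".join(why))
```

A hit is a reason to review the domain before it is visited or trusted, not proof that it is malicious.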