Virginia shooting - don't open that link!
Scammers and cyber criminals love to capitalise on tragedy, and we can't help but click
Shootings in America are, sadly, not unusual, but when two journalists were shot live on air on Wednesday last week, social media went into overdrive.
What made this particular attack unique is the fact it was filmed and broadcast by the victims as it happened and, it later transpired, the shooter himself had recorded the murder and posted it online before taking his own life.
Very quickly, my Twitter feed was full tweets from news organisations such as the Huffington Post linking to stories containing the "graphic footage" or, in the case of Russia Today, having a short Vine of two people dying auto-play when you scrolled down.
Soon though, news outlets reacted to the revulsion people expressed at their decision to rebroadcast the footage and removed it from their stories. Facebook and YouTube were also diligent in their efforts to remove the footage taken by shooter Vester Lee Flanagan as it was posted and reposted.
But, for some, the desire to see the footage first hand is too much, and cyber criminals know this as much as - or perhaps better than - anyone else.
By the evening, the Virginia trend on Twitter was full of rather suspicious-looking links to the "full uncensored video".
Social engineering attacks that take advantage of our curiosity are among the most successful at attracting victims and are also relatively easy to create, which is why they remain so popular with cyber criminals as a vector of attack.
It's not just social media, either - emails are still circulated in the wake of tragedies, be it a link to an alleged miracle survival video from a natural disaster or something more grisly, as in this case.
"Malicious actors are always going to use something that's in the media to try and lure in victims," Tim Grieveson, HP's chief cyber and security strategist, told IT Pro. "We're human, we are voyeurs, and they know that."
"To protect against successful attacks, you need to have good technology in place, but it's also about educating people to be careful, both in the business and at home. There are still a lot of people who get caught out by phishing emails - they still click that link - but education now has to be mulit-platform and include social media as well," Grieveson said.
Even though there's a strong moral argument against it, curiousity will always get the better of some people - they want to feel hope in the face of disaster, they want to feel righteous anger when ISIS execute a prisoner, they want to see something ususual and shocking.
But, just maybe the threat of malware, rather than a salacious video, will make us think twice in future.
The essential guide to cloud-based backup and disaster recovery
Support business continuity by building a holistic emergency planDownload now
Trends in modern data protection
A comprehensive view of the data protection landscapeDownload now
How do vulnerabilities get into software?
90% of security incidents result from exploits against defects in softwareDownload now
Delivering the future of work - now
The CIO’s guide to building the unified digital workspace for today’s hybrid and multi-cloud strategies.Download now