Updated Social media has become a conduit for the spread of fake cures and treatments for Ebola. As if that weren't bad enough, confusion about the epidemic is also being harnessed to push malware and other cybercrime scams, security watchers warn.
The hoaxes began in the Twittersphere with the spread of false ways to treat Ebola.
Late last week, hoaxers began latching onto news of the grounding of an Air France plane due to a suspected Ebola case in Madrid, Spain. The passenger has since tested negative, according to reports. Spanish police warned citizens to be careful when clicking on Ebola news and, in particular, to be careful of rumours circulating through WhatsApp. False rumours that Ebola has spread to a high school in Alaska, debunked by Anchorage police and the school district, were spread over Twitter.
Ebola patients among medical workers in Spain and Obama's speech on the outbreak provided new fuel for social media hoaxes recently, according to social media risk management specialists ZeroFOX.
"In large public panics such as the Ebola outbreak, sensationalised rumours can travel fast – especially when leveraging trends and hashtags," Evan Blair, chief operating officer of ZeroFOX told El Reg. "We have seen misinformation about potential cures go so far as to hospitalise people in Nigeria.
"As a news source and communication tool, social media is as democratising as it is unreliable. Although users have unprecedented access to real-time information, they now must wade through the facts and fiction, deciding what is critical and what is noise," he added.
One of the most damaging hoaxes doing the rounds is the potentially lethal "advice" that drinking bleach can make individuals immune to Ebola.
Elsewhere, there are concerns that cybercriminals might latch onto the Ebola scare as a means to spread malware.
It's common for cyber criminals to latch onto current events as a tactic to persuade people to click links and perhaps even hand over their private information to dodgy sites. The occurrence of a natural disaster or celebrity death have generally heralded the appearance of topical scams and malware for years, certainly since the Indian Ocean Tsunami of 2004 if not before.
Ebola is unlikely to be an exception.
Mindful of this, US-CERT put out an alert warning IT workers to be on their guards against possible Ebola-themed malware and phishing scams.
US-CERT reminds users to protect against email scams and cyber campaigns using the Ebola virus disease (EVD) as a theme. Phishing emails may contain links that direct users to websites which collect personal information such as login credentials, or contain malicious attachments that can infect a system.
“Fear is a powerful emotion and one often leveraged by savvy cyber criminals, as fear and other strong emotions clouds people’s judgement and increases the likelihood of a successful phishing attack,” said Ken Westin, a security researcher at security tools firm Tripwire.
For those with businesses in West Africa, in particular, Ebola presents a health and safety and business continuity issue as well as posing a more general health risk. As previously reported, Gartner is advising organisations to talk to their cleaners, stock up on supplies and prepare for more workers choosing to work from home, among other precautions. ®
As predicted, the Ebola epidemic has led to actual malware scams.
For example, one batch of malware flinging emails purporting to be documents from the World Health Organization but actually came packed with the DarkComet Remote Access Trojan, Trustwave Security reports.
Even worse. various letters doing the rounds falsely claim that anything from clove oil to snake venom offer potential Ebola treatments or cures.