Scam obituary sites draw enterprise traffic, research finds

There’s no rest for the wicked—at least not when it comes to someone else’s death.

Secureworks Counter Threat Unit (CTU) researchers have flagged “obituary pirates” as a possible enterprise security risk, writing in a report that they had identified a network of scam sites apparently using AI to pad out plagiarized obituaries. The creators used the sites as lures to redirect visitors to e-dating and adult websites, or present users with Captcha prompts designed to trick them into installing web push notifications or pop-up ads.

The sites did not appear to be distributing malware. Ironically, they led to landing pages for antivirus software such as McAfee and Windows Defender.

CTU senior threat researcher Tony Adams told IT Brew he first came across the scam after noticing suspicious links in Facebook threads discussing the death of a colleague. He then identified other sites with similar elements such as registration time, web framework, and recirculated stories and obituaries bearing hallmarks of AI generation.

“I was a little perturbed that whoever was behind it was capitalizing on the death of a friend,” Adams said. “The cluster I found, it seemed to be profit-oriented.”

Threat actors often leverage whatever they can to lure traffic via SEO poisoning to malicious or scammy websites.

At least six of domains hosted versions of the obituary for Adams’ friend, although he found evidence that around two dozen other domains, possibly owned by the same people, were pulling the same kind of scheme. When Adams looked at Secureworks telemetry, he found that “a surprisingly high number” of users within the company’s customer base (thus from within corporate environments) had visited those sites.

In another example, Adams told us, a fake obituary for a worker who had died in a workplace accident had drawn traffic from other employees at the firm. He said that while whoever was behind the sites wasn’t yet running a very sophisticated operation, the model could easily be adapted to spread targeted malware.

“This model is successful enough in getting eyeballs, and it’s using social engineering tactics to prey on people when they’re vulnerable,” Adams said.