The National Defense Administration issued a nationwide warning on Wednesday that cybercriminals and phishing campaigns are exploiting Morocco’s earthquake crisis to attack users’ phones, tablets, and laptops.
“While a race against time is still underway to bring relief to those affected by the quake, cybercriminals are looking to take advantage of this humanitarian crisis,” the Information Systems Security Department (DGSSI) stated.
Scammers may use “earthquake” info in phishing campaigns to trick victims into downloading dangerous files or opening malicious links on social networks to install various types of malware, including remote access and information-theft Trojans.
The note explained that people looking for earthquake monitoring applications with online map visualizations may end up downloading and installing a malicious app that ostensibly provides earthquake information, but instead installs malware in the background to compromise victims’ devices and steal their confidential information.
The DGSSI emphasized that users need to be aware and cautious and should only open files from credible sources. “It is important,” it said, “to raise users’ awareness about phishing attacks by encouraging them to verify the source address of the sender and the web links in the message body (by hovering the mouse cursor over these fields to display the actual address).”
The administration also recommends that users block messages that do not comply with “Sender Policy Framework” (SPF) standards and those that contain executable files, and make sure that they only download trusted applications from official sources.