Fake memorial sites are just one branch of the tree of bereavement scams, which have been growing for years. What is new for hackers is the use of AI to deceive their victims, often made more vulnerable by the recent death of a loved one.
In a recent investigation dated March 20, 2024, Secureworks® Counter Threat Unit™ (CTU) researchers looked at sites targeting searches for deceased people. They noticed an increase in searches on Google.
They are actually scammers who create fake obituaries on funeral memorial sites, poisoning SEO to lure visitors to pages carrying adware or PUPs (potentially unwanted programs), or to clickbait schemes to generate income. These fake tributes and reviews are generated by AI, making the attacks more effective.
Vulnerable victims manipulated by scammers and AI
Hackers start by monitoring search trends on Google to spot increased interest in obituaries, especially in the first hours or days after a death. They fill the information void with fake reviews hosted on sites specializing in the field of bereavement, such as commemorations or funeral directors. They then manipulate Google search results with SEO by “poisoning” the SEO to give high visibility to their sites, thus redirecting visitors to pages with malicious content.
The grief scam is not a new phenomenon on the Web. Similar online scams are circulating on YouTube. We see a scammer reading an obituary, in return for income generated from viewing the video.
Facebook has also hosted “fake funeral scams.” But CTU researchers’ examination of a February 2024 obituary suggests that generative artificial intelligence was used to develop a tribute from facts taken from a shorter text posted on social media. The notice appeared on 6 sites within 48 hours of the death, with variations in language, but containing the same details as the original publication. The use of AI by these “obituary hackers” has had mixed results, with some reviews including obvious errors or inaccuracies to appear more human.
Researchers also identified numerous domains and sites harboring fake obituaries and other rehashed information. Visitors are redirected to dating or adult entertainment sites, or confronted with CAPTCHA prompts that install advertisements or push notifications. These notifications display fake virus warnings from well-known antivirus brands, persisting even after they are clicked. The buttons link to pages of legitimate antivirus software, rewarding cybercriminals for new signups or renewals with embedded affiliate links.
Prevention to avoid moral and financial harm
The consequences that these fake sites have on victims are significant. Indeed, loved ones, already devastated by the disappearance of one of their own, are more vulnerable and less vigilant. By coming across these fake reviews, they can relive the drama.
Apart from the emotional aspect, these scams also have a financial impact. Some sites solicit donations for funeral expenses or charitable causes in the deceased’s name, unwittingly paying hackers.
This is why CTU has identified some of these fraudulent sites:
- necrology.com
- funeralinfotime.com
- memorialinfoblog.com
- necrologieinfotimes.com
- obitsmemorialhomes.com
- nextdoorfuneralhomes.com
Although the distinction between authentic obituary sites and their malicious replica is made more difficult given the intervention of generative AI by scammers, certain signs can alert Internet users.
First, real obituaries are usually posted by well-known funeral homes or can be verified in local news sources. Then these obituary sites ask
rarely, if ever, donate directly to their page. It is also worth examining the contents of the site. For example,
a legitimate obituary site will not contain advertisements or content unrelated to bereavement.
Finally, while AI can generate compelling summaries, it lacks the personal anecdotes and depth that come from real contributions. Machines are therefore not close to replacing Men, even in death.
Sources: HackRead, Secureworks
0