cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Scammers are using generative AI to create scam obituaries

Victims of fake obituaries are liable to have personal information stolen or become infected by adware.

user icon David Hollingworth
Thu, 28 Mar 2024
Scammers are using generative AI to create scam obituaries
expand image

Security researchers at Secureworks’ Counter Threat Unit (CTU) have uncovered a new tool in the hands of scammers – fake obituaries written by generative artificial intelligence.

The CTU has observed multiple examples of scammers creating fake obituaries, usually in the wake of a death that has caused many people to turn to Google to search for information on the deceased.

The scammers then use SEO poisoning to make their scam page rank higher on searches. When victims visit the page – which appears legitimate – they’re pushed to install adware and other unwanted programs or get caught up in clickbait revenue-generating schemes.


“CTU analysis of a February 2024 obituary suggests that generative artificial intelligence (AI) technology was used to create a lengthy tribute from facts gleaned from a shorter text posted to a social media account,” the CTU observed.

“The obituary appeared on six sites within 48 hours of the death, each version using slightly different verbiage but all containing the same details shared in the original social media post. The use of AI by ‘obituary pirates’ has mixed results, with some notices containing obvious errors, inaccuracies, or fabrications.”

Nonetheless, there are several domains that host such content. They redirect visitors to “adult entertainment sites” or show CAPTCHA challenges that, in turn, install pop-up ads or push notifications. False virus alert warnings, from products such as Windows Defender or McAfee, are also common, and these lead visitors, in turn, to the actual landing pages for these products.

An affiliate ID in the link actually rewards the scammers for each subscription bought in this way.

So far, while CTU’s researchers have found no evidence that these scammers are using their fake sites to spread malware, there’s also little to stop them from making that evolution.

“Financially motivated threat groups such as GOLD ZODIAC successfully employ SEO manipulation to direct victims to infected WordPress sites that deliver GootLoader malware,” the CTU said.

As always, according to the CTU, the best defence against such scams is education. Employees and individuals should stay abreast of the latest tricks scammers employ.

And if you are caught, let the folks at the National Ant-Scam Centre know.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.