The social engineering aspects of the story are simply pregnant with possibilities (ahem).
"Malware authors worldwide have been waiting ages for this," security blogger Graham Cluley told the Register, noting that spear phishing emails with themes like "Exclusive first pictures", "Secret video from inside delivery room" and "Sex revealed" are sure to rope some royal baby fans into a malware trap.
Will and Kate were used as malware bait before when they were engaged, and proved that, as with any hot story, it pays to be very careful where one surfs around for news. Malware authors are also aware of the process of search-engine optimization (SEO) and often exploit big stories to create malicious webpages that attack unaware visitors who are simply looking for news and information.
Hurricane Sandy was a notorious honey trap for consumers, with malware authors posing as charity operations in order to get users to click over to an infected page. Celebrities, too – not just royals – tend to be used for malicious purposes, and for the same reason; put simply, people are interested in them. Cluley pointed out that a new Facebook scam is using Emma Watson to spread malware.
“Everybody should know by now that it’s a very bad idea indeed to click on any Facebook links that claim to be a leaked sex video of a world famous actress,” he said in his blog. “And yet, people still do.”
The scammers claim to have a compromising video of the Harry Potter actress, and offer via Facebook spam to offer it for free “after age verification.” Of course, the age verification involves cutting-and-pasting a script into a browser’s address bar – which takes users to an infected page.
Instead of verifying age, “you are helping to help spread the scam for the fraudsters behind it, and put money in their pockets,” Cluley said. “Behind the scenes, the link to the alleged Emma Watson sex video will be posted on the victim’s own Facebook wall, tagging their friends in a hope to spread the scam even further.”