Last week two security firms brought to light a new scam that is especially repugnant for two reasons. First, it targets military veterans who are looking for jobs and people and businesses who support those efforts. Second, it asks the viewer to download a malicious app that has potential to set up the user’s computer for data theft and further attacks.
The fake website closely resembles the US Chamber of Commerce website Hiring Our Heroes. You can see an image of the fake site, called Hire Military Heroes, in this article. The name of the fake site is similar to both the Chamber’s site and many other programs for veterans across the country. The fact that it has no content besides the app download should be a dead giveaway, but its appeal to veterans and the people who support them makes it potentially dangerous. It is only one of many scams that have specifically targeted veterans. The site is hard to find online because it uses an hxxp prefix, a clear attempt to disguise what it is doing. So far it is not known how the scammers are distributing communications about the site. The site may already have been taken down because it was identified early in its life cycle.
Scams targeting veterans are so common and they ensnare so many innocent victims that the US Postal Service and the AARP Fraud Watch Network have set up a special public education project Operation Protect Veterans. According to the Army Times, scams that are specifically targeted at veterans include:
Local VA offices can provide information about whether offers are legitimate and veterans should always check out offers, hopefully before having any contact with the source of the communication. That, of course, is good advice for all of us. Veterans who are suspicious or who have been victimized should contact local police or the AARP.
This is one more example of how widespread scams are, including those targeting specific groups of consumers. It is also an example of how quickly scams morph into something that looks different enough to be attractive. This scam also may be a warning sign that criminals are using more direct and effective technology in their efforts to separate consumers from their data and their money.
It is a warning we should all heed.