Beware: Walking Dead Phishing Schemes and Malware

This post is meant to inform people that Walking Dead phishing schemes and associated malware will appear in the coming days. These are from my own perspective. While I make every effort to be thorough and hit every aspect, there are times that I inadvertently omit things or skip them due to scope, time, length or applicability. Email any questions you have about this or any other topic to [email protected]

This seems to be a growing trend: every time a major pop culture event occurs, fraudsters and other schemers take to the internet to deceive. Tonight’s Season 7 premiere of AMC’s The Walking Dead is no different.


I have not noticed anything phishy talking about who met Lucille (Negan’s baseball bat covered in barbed wire), but I assure you – they are coming. This will be akin to Prince’s death, the (upcoming) election, and Hurricane Matthew (pathetic – I know). The posts and emails will target two groups of people: the super fans who cannot get enough of The Walking Dead, and those who click only for the pop culture reference or to jump on the proverbial bandwagon.

Expect something to this tune:

[Image: The Walking Dead]

This capitalizes on the urgency, status quo, desire to fit in, or suspense that successful social engineering attacks rely on. While the victim may find out who (if anyone) was killed on the show, they may get more than they bargained for. Read my advice below for some tips to stay secure.


My advice for staying secure during times when major hoaxes are likely is to follow these tidbits of wisdom:

  • If it seems too good to be true – it probably is.
  • If it claims to give inside information or spoilers ahead of time – it will probably spoil your system (with malware).
  • Only view reputable sites and social media for such news. For a TV show like The Walking Dead, check AMC (or the appropriate network).
  • When clicking links on social media platforms, hover over the link and observe the website that it’s sending you to.
  • If the website is a shortened or obscure URL like (nothing against them, but this is a popular attack method), right-click, choose “Copy Link Address”, go to VirusTotal (a Google project), select URL, paste the link, and click “Scan It!”
    • This will tell you if the URL is known to be malicious. Just because it says no does not mean that the site is safe; it may not have been reported enough yet.
    • You can also upload software to this site to check it for malware.
  • Ask someone like myself or another information security professional.
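
The link checks from the list above, as an added example that is not part of the original post: a Python triage function that sorts a copied link into ok, scan, unknown, or block before anyone opens it. The trusted domain, the shortener list, the brand keywords, and the sample links are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumptions for this example (not taken from the original post):
TRUSTED = {"amc.com"}  # the official network site
SHORTENERS = {"bit.ly", "t.co", "goo.gl", "tinyurl.com", "ow.ly"}
BRAND_WORDS = ("walkingdead", "walking-dead", "twd", "amc")

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def triage(url):
    """Return (verdict, reasons) for a link copied from a post or email."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme not in ("http", "https") or not host:
        return "block", ["not a plain web link"]
    reasons = []
    if parts.username is not None:
        reasons.append("text before '@' hides the real host")
    if _is_ip(host):
        reasons.append("raw IP address instead of a domain")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label (possible look-alike characters)")
    trusted = any(host == d or host.endswith("." + d) for d in TRUSTED)
    if host in SHORTENERS:
        reasons.append("shortened URL: destination is hidden")
    elif not trusted and any(word in host for word in BRAND_WORDS):
        reasons.append("brand name in a domain the network does not own")
    if reasons:
        return "scan", reasons
    if trusted:
        return "ok", ["host is on the trusted list"]
    return "unknown", ["unfamiliar host; a clean scan is not proof of safety"]

# Constructed sample links (not real indicators).
SAMPLES = [
    "https://www.amc.com/shows/the-walking-dead",
    "http://bit.ly/abc123",
    "https://amc.com.twd-spoilers.example/who-died",
    "https://www.amc.com@203.0.113.7/lucille",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(triage(link)[0], link)
```

A `scan` or `unknown` verdict means the link goes to a URL scanner first, and a clean result there still only means the link has not been reported yet.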

How attackers can streamline this for your area

Simply using hashtags associated with The Walking Dead or TWD would be a “spray and pray” approach. Alternatively, they can use Justin Nordine’s OSINT (Open Source Intelligence) Framework. This allows various attack methods, but for this, I would recommend using the Social Networks > Twitter > Location / Mapping > GeoChirp or MIT Map. This allows me to look at maps of areas and see what is trending on Twitter in near real time if the person tweeting has location services on.

Alternatively, I can take a page out of Justin Seitz’s book and write a Python script that interacts with the Twitter API (Application Programming Interface) and looks at tweets within a certain context, such as hashtag, user, or geographic area. This could also be used to build tweets and poison the well, so to speak. For this, I can integrate with other tools like OSINT Framework or Social Engineer Toolkit to build a good phish, back story, or pretext for attack.



About Joe Gray

Joe Gray joined the U.S. Navy directly out of High School and served for 7 years as a Submarine Navigation Electronics Technician. Joe is currently a Senior Security Architect and maintains his own blog and podcast called Advanced Persistent Security. In his spare time, Joe enjoys attending information security conferences, contributing blogs to various outlets, training in Brazilian Jiu Jitsu (spoken taps out A LOT!), and flying his drone. Joe is the inaugural winner of the DerbyCon Social Engineering Capture the Flag (SECTF) and was awarded a DerbyCon Black Badge. Joe has contributed material for the likes of AlienVault, ITSP Magazine, CSO Online, and Dark Reading.