Wave of scams following Pope Francis' death: How personal data is stolen and tips to stay alert

Following the death of Pope Francis , cybercriminals began launching campaigns to defraud users , taking advantage of the massive interest generated by an event of this magnitude.

The phenomenon is not new: these types of operations often appear after major events, such as the death of world leaders, natural tragedies, or health crises, where public curiosity and emotions provide fertile ground for scams.

This time, the goal was to capitalize on the impact of the pontiff's death to launch hoaxes, steal personal data , and distribute malware .

Here are the techniques used by attackers to deceive users and how to protect yourself .

One of the most common tactics begins on social media platforms like Instagram, TikTok, and Facebook, where attackers upload fake images or posts—often generated by artificial intelligence—with supposedly shocking news related to the Pope.

These posts often include links that redirect users to malicious websites, disguised as legitimate pages or media outlets.

In one of the detected cases, a website was discovered that pretended to provide exclusive information about the Pope's condition. Clicking on a link redirected the user to a fake Google page promoting a supposed gift card offer.

This is a common technique: capturing confidential data such as emails, passwords, or banking information , or inducing payments for supposed benefits that never arrive.

On other, more sophisticated sites, the attack occurs without the user's direct interaction. As soon as the website is accessed, commands are executed in the background that collect technical information from the device, such as the operating system, the country of connection, or the language. This data can then be used in more targeted phishing campaigns or sold on clandestine dark web forums .

Another technique that gained traction in this campaign is SEO poisoning . In this type of maneuver, attackers manipulate the algorithms of search engines like Google to position their malicious sites among the top results.

A user searching for information about the Pope's death may end up clicking on one of these links, believing they're accessing a reliable source, when in reality they're exposing themselves to potential malware infections, credential theft, or session cookie hijacking.

A factor that exacerbates the problem is that the domains used are often new or "dormant," meaning they show no malicious activity for months and then suddenly become active. This allows them to evade the reputation filters of traditional cybersecurity systems, which fail to identify them as a real threat in a timely manner.

In these scenarios, the experts' recommendations are clear: avoid clicking on suspicious links, use updated browsers, and have security tools that analyze outgoing connections and website behavior in real time.

This type of maneuver falls under what experts call opportunistic cyberthreats, that is, campaigns designed to exploit the massive interest in global events. During the COVID-19 pandemic, for example, Google detected up to 18 million emails a day containing malicious content related to the coronavirus.

"The key to these campaigns is the emotional context. Cybercriminals thrive on chaos and curiosity," explained Rafa López, security engineer at Check Point Software Technologies.

“Every time a major news story breaks, we see a dramatic increase in scams designed to exploit public interest . The best defense remains a combination of user awareness and layered device protection,” he added.

From gift card scams to the silent theft of personal information, these types of campaigns reinforce a constant lesson in the digital world: no event, no matter how solemn, is immune to being used as bait for online crime.