Bad guys are “actively & aggressively” targeting your desire to click on questionable stories, experts say.

You want to believe it’s true—that headline claiming the politician you hate is doing something even worse than you imagined. 

You indulge yourself, bolstering your feelings of anger and righteousness, by clicking on, reading and even sharing that fake news article.

But now that toxin is spreading beyond your mind and your social circle. It’s infecting the computers of those who view it, cybersecurity experts say.

“Your computer can get poisoned,” said Andrew Plato, CEO of Anitian Enterprise Security. “My own mom got hit by this.”

An example of fake news. PolitiFact said this story on tdtalliance.com about a supposed Obama military Christmas card ban was false. Cybersecurity expert Andrew Plato did not say which fake news article tried to infect his mother’s computer.

How it happened

The tainted fake news stories can show up in ad space online.

Plato’s mom spotted an article that caught her attention. He did not name the story in question.

“It was something that she politically is interested in,” he said. “It was a story that she thought was interesting and appealed something to something she already basically believed.”

She clicked on the story and went to another site. A box popped up saying her computer was infected.

“It started injecting things on her computer,” Plato recounted. “It managed to work around a number of protections put on her computer.”

Plato said he stepped in to help and stopped the infection before it was too late.

“It got her on that gullibility factor,” he said. “She was lucky.”

This story about Sarah Palin & a claimed mall boycott that appeared on newslo.com was declared fake news by PolitiFact.

‘It’s everywhere”

This kind of attack—a fake news story or enticing article showing up in ad space—is affecting a lot of people, according to Plato.

“This has become prolific,” he said. “It’s everywhere.”

It’s not just political.

“They say something like ‘Lower your mortgage’ or ‘Get a million dollars free,’” he said. “They can use all manner of things to grab people and then cause damage.”

Some Twitter users shared fake news about a supposed Obama military Christmas card ban as if it were real news.

Polarized

Why does it work so well?

We often throw caution to the wind on social media, according to James Scott of the Institute for Critical Infrastructure Technology. 

“Many social media users self-impose a mental disconnect from cyber-hygiene when they access social media,” Scott wrote in a post. “And many polarized users are willing to open news or fake news articles that they disagree with, solely for the purpose of assessing opposing viewpoints or arguing in the comments sections.”

The result? A wide pool of victims for the taking.

Cybercriminal gangs, nation-states, hacktivists, terrorists and ‘self-radicalized cyber lone wolves’—all using these tactics to get your computer and your personal information, or to infiltrate companies, critical infrastructure and the government, he said.

Some Facebook users shared a link to a story—like this one from fedsalert.com—claiming Donald Trump died from a heart attack.

A single click

Cyber invaders used fake news to trick people within six hours of the 2016 presidential election, Scott noted.

E-mail with headlines like “The ‘Shocking’ Truth About Election Rigging” and “Why American Elections Are Flawed” went out to people working on national security, defense, international affairs, public policy and more, Scott said.

If one person falls for fake news attacks, an entire company or organization can be compromised.

“In this manner, a single click can deliver a devastating malicious payload that will haunt an organization for years to come,” Scott said.

The claim that Harambe received 1000’s of write-in votes circulated through social media immediately after the 2016 election. This November 10, 2016 CNN article explains why the claim is false.

Real news

Attackers target you with real news, too, hitting you with malware through links to stories about the Olympics, big disasters, celebrity news and global events.

And they will continue to “actively and aggressively” weaponize information, Scott predicted.

Staying away from fake news—or real news from a suspicious source—will help you stay safe, along with the usual recommendations that you keep your computer up-to-date, use computer protections and avoid the desire to click on everything you see.

But Plato said malware distributors can figure out ways to make it very tempting for you.

“There are ways to kind of profile you used on what you click and where you go and the cookies that are on the machine, and obviously certain websites attract certain kinds of mindsets,” he said.

The claim that 11,000 people wrote in “Harambe” on their 2016 presidential election ballots still haunts social media.

You like cats? They could show you an ad for an article with kitten videos.

You like cars? You could see an ad for story about “this one trick” that could land you a luxury ride.

Plato said he runs an ad-blocker to help protect himself.

Clickbait can come with a digital dagger as punishing as a real fish-hook—and sharing it could share the infection with someone else.

“They’re feeding on people’s emotions,” Plato said. “You have to be really careful what you click.”