The internet was quickly set ablaze following the death of Pope Francis on April 21. While the world mourned the passing of the 88-year-old pontiff, illegal betting operators found an opportunity. Pope Francis died from a stroke that led to a coma and irreversible heart failure, according to the official death certificate issued by the Vatican. The solemnity of the moment was overshadowed by a wave of digital malfeasance.
From malicious malware to illegal prediction markets, the Pope’s passing became yet another example of “cyber threat opportunism” – a growing trend where scammers leverage high-profile global events to spread misinformation, infect devices, and extract personal data.
One of the most bizarre developments following the Pope’s death has been the surge in online betting over who will be his successor. Platforms like Polymarket, which operates in a legal gray area in many countries, including India, have opened predictions on the next pope. The platform claims Italian Cardinal Pietro Parolin, the Vatican’s Secretary of State since 2013, has a 37% chance of becoming the next pontiff.
Read More: Pope Francis dies at 88 on Easter Monday at Vatican residence
Numerous online betting portals, many operating illegally in India, have jumped on the bandwagon, encouraging users to place bets on the papal succession. Experts warn this is not just about gambling – it’s about funneling traffic toward platforms that may not just be illegal, but potentially dangerous.
Using the Pope’s death as bait, scammers launched a wave of malicious campaigns across social media and short video platforms. Disguised as tributes, news alerts, or “inside scoops,” these posts carried embedded links that redirected users to phishing sites or malware-laced pages.
“Cybercriminals thrive on chaos and peak public interest,” explains Rafa Lopez, Security Engineer at Check Point Software Technologies. “Moments of emotional impact make people less cautious, and that’s when attackers strike. We’ve seen this pattern repeatedly—be it during a pandemic, a war, or now, the death of a global religious leader.”
In one notable case, users who clicked on what appeared to be a news article about Pope Francis were redirected to a fake Google page promoting a gift card giveaway. This common scam tricks users into sharing sensitive information or making small payments, which are then exploited further.
Not all cyber threats are so visibly deceptive. On several fraudulent websites, malware operates quietly in the background, executing scripts without any interaction from the user. These programs harvest a broad range of information, including the device’s operating system, location, language, and technical specifications.
“The aim is data – plain and simple,” Lopez adds. “This information can be sold on the Dark Web or used to launch highly targeted phishing campaigns later.”
This technique was widespread during the COVID-19 pandemic. As Hendrik De Bruin, Head of Security Consulting at Check Point for the SADC region, notes: “During peak pandemic days, Google reported over 18 million daily malware and phishing emails tied to coronavirus scams. That trend hasn’t slowed – it’s simply evolved to exploit whatever the world is talking about.”
Another rising concern is a technique known as “SEO poisoning.” Here, cybercriminals manipulate search engine algorithms to push their malicious sites into the top results when people search for trending topics like the Pope’s death.
The user, believing they’re clicking on a trusted news link, unknowingly walks into a trap. These poisoned results can lead to malware downloads, credential theft, or even browser hijacking.
As cybercriminals grow increasingly sophisticated, the best defense lies in a combination of awareness, skepticism, and robust digital protection.
“The more informed the public is, the less effective these scams become,” Lopez concludes. “Education is the frontline of cybersecurity.”