Spam and phishing scams try to capitalize on the Hurricane
Katrina tragedy.
Hurricane Katrina has set off a wave of online phishing and
other scams that try to capitalize on the emotional response of
Americans to the disaster, security experts warned Friday.
The phishing efforts, fraudulent attempts to spoof sites to con
users, include emails asking users to donate to victims of
Hurricane Katrina by using fake news reports and heart-rending
pictures. Money donated in this way does not go to any relief
agency and is pocketed by spammers and con artists.
We are seeing attempts similar to those we saw after the recent
tsunami in Asia where some people do not respect a tragedy and
instead try to exploit it, said Scott Petry, vice president of
products and engineering at Postini, an enterprise email
security and management company.
Experts said that phishing attempts usually begin two to three
days after a disaster, once public awareness about the event
increases and there is widespread coverage of the incident.
This makes the timing for the current wave of Katrina-related
spam and phishing just right, said Susan Larson, vice president
of global threat analysis and research at SurfControl of Scotts
Valley, California.
Just last night, President Bush brought the former Presidents
Clinton and Bush on national television to start the relief
campaign, said Ms. Larson. Once the money is flowing and the
relief is legitimized, then the scams will prey on these sites,
putting up spoofed ones and even trying to compromise the
legitimate ones.
Spam and phishing attempts in the wake of the Katrina tragedy
have increased the demand for Internet domain names that contain
references to the disaster.
eBay currently lists a number of domain names related to
Hurricane Katrina for sale with claims that proceeds will go for
relief work. But Johannes Ullrich, chief research officer at
Sans Institute, a computer security training and research
company, said that more often than not it will be used by online
con artists.
We have seen an increase in the number of sites registered with
the URL relating to Hurricane Katrina in some way, said Mr.
Ullrich. A vast majority of this has happened in the last few
days.
Creative Crooks
Online scammers are coming up with some creative ways to dupe
users. Sophos, a United Kingdom-based IT security company, has
issued a warning about a spam campaign that poses as a news
report about Hurricane Katrina. The email entices readers with a
fake news story and then asks them to click onto a link to read
more. The link takes them to a fake web site that tries to
infect their PCs with malware.
Sophos says a typical example of this kind of email reads like
this:
Mississippi Gov. Haley Barbour said Tuesday that Hurricane
Katrina killed as many as 80 people in his state, and burst
levees in Louisiana flooded New Orleans.
Just before daybreak Tuesday, Katrina, now a tropical storm, was
35 miles northeast of Tupelo, Miss., moving north-northeast with
winds of 50 mph. Forecasters at the National Hurricane Center
said the amount of rainfall has been adjusted downward Monday.
Read More..
The Read More link pretends to have a more complete version of
the story, but in reality tries to install malicious code to
give hackers control of a victims computer, said Sophos.
Receiving or reading the emails themselves does not mean you
are infected, said Graham Cluley, senior technology consultant
for Sophos. But clicking on the link could be dangerous, he said.
There are not just attempts to solicit donations using the
plight of Hurricane Katrinas victims. Enterprise security
company SurfControl said it has seen web sites that foment
religious intolerance and use that to ask for donations.
We are seeing a lot of hate sites that characterize the
disaster as the wrath of God and have asked users to donate to
them, said Ms. Larson. This only shows that anytime there is a
topical and emotional event it will be used by scammers to
trigger people into an immediate response.
On the Case
FBI spokesperson Paul Bresson said that the phishing attempts
and other Katrina-related scams have been noticed by the agency.
It has come to our attention that there are some web sites that
may be operating under the guise of being legitimate
organizations trying to provide relief to victims of Hurricane
Katrina, said Mr. Bresson. We are actively looking into
tracing the owners of these sites.
But until the FBI can accomplish that, security experts said
that online users are better off following a few rules. If
people want to donate money they should do it through the
well-known organizations like the Red Cross or Project Hope,
said Postinis Mr. Petry.
Mr. Petry also suggested that in the wake of the widespread
phishing attempts users should try and mail a check if they want
to donate to an organization that they are not familiar with,
instead of making an online donation.
SANS Institute said those who do wish to donate via the Internet
should check the charitys credentials through the IRS web site,
which lists all the nonprofit organizations registered with it.
For more information and articles visit:
http://www.MagazineMillions.com http://www.LanceGroom.com
