10 Haiti Earthquake Scams To Avoid
In the days following the tragic earthquake in Haiti, non-profit medical groups and charity organizations launched a full-blown international relief effort to supply the devastated country with food, water and medical supplies. Sadly, cybercriminals from around the world began their own efforts, exploiting the tragedy and the ensuing humanitarian outreach for personal gain by distributing phony news reports or impersonating charitable organizations. Here are a few examples of what you might see when looking to make a donation or when seeking information about the Haiti quake on the Web. Be careful.
As in the wake of almost any tragedy, hackers will predictably set up fake charity or malware sites designed to infect users' computers. But to attract users to their sites in the first place, hackers will often employ a technique known as Search Engine Poisoning, which causes their sites to appear at the top of the Google and Bing search results when users enter a search terms such as "Haiti relief."
And it works. Users trust search results and often erroneously believe that sites listed at the top are legitimate. Subsequently, they're sometimes taken to malicious or fraudulent sites, as in this example, provided by Websense, which claim to collect donations for Haiti earthquake victims on behalf of a charity or relief organization.
The best bet for users would be to confirm the legitimacy of a charitable organization before making a donation, regardless of whether it appears at the top of the Google search pages.
Rogue antivirus scams are alive and well following the Haiti quake, as in this example, provided by Websense. And in a relentless effort to install malware on users' PCs and steal credit card information, hackers exploiting the Haiti tragedy will bring victims to sites that sell, or force users to download, phony antivirus software. Hackers will offer to provide a "free" but fake anti-virus scan, which alerts the users that they have malware on their system. The Web site then offers to install software in order to "clean" the viruses, asking users to submit credit card and often personally identifying information. In reality, users' systems likely aren't infected, and the software the user downloads is usually bogus at best, malicious at worst. Cybercriminals are then able to walk off with the user's credit card numbers, or install information-stealing malware on their systems.
Micro-blogging site Twitter has been the mouthpieces of Haiti news, but, like any popular social networking site, is often used by cybercriminals to exploit the tragedy. In this example, provided by Websense, hackers use Twitter accounts to spread links that appear to be sourced from charity or news sites related to the Haiti quake. In reality, these links lead to scam sites created to steal money from charitable donors, or malicious Web sites designed to infect users' computers with malware.
As always, security researchers advise users to verify the legitimacy of non-profit charities before making a donation and avoid clicking on embedded links from unfamiliar sources, even if they appear legitimate.
Spammers are taking advantage of the Haiti tragedy to push more products, distribute malicious links or images -- knowing full well that users will be more likely to open their unsolicited e-mails when they see the word "Haiti" in the subject lines. Sometimes the e-mails, such as this one provided by Websense, appear to be from a non-profit in an attempt to solicit donations for earthquake victims. Other times the spam e-mails only have the word "Haiti" in the subject line in an attempt to promote products such as Viagra and other pharmaceuticals. Other times the e-mails contain fake news updates and images of the devastation, and secretly download Trojans, keyloggers and other malware onto users' computers when opened.
Everyone wants to pitch in and help victims of the Haiti quake. That's not lost on the cybercriminals. In this phishing attack, provided by McAfee, hackers attempt to lure victims with a plea for donations on behalf of a non-existent charity organization. In reality, the hackers are only trying to entice users to click on the malicious link embedded in the body of the text, which in all likelihood will only install information-stealing code on users' computers.
Avoid clicking on links embedded in e-mails, especially if they are from an unknown or untrusted source. In fact, it's best to just delete these babies altogether.
No doubt, cybercriminals will use any technique they can to appeal to users' curiosity and generosity. In this 419 spam e-mail, provided by Symantec, cybercriminals pretending to be earthquake victims briefly illustrate a grim picture of death and destruction before requesting financial assistance. But don't buy it. The link they provide in the e-mail is almost certainly malicious, designed to distribute Trojan horses and keyloggers onto users' computers when opened.
Instead, make donations directly through the Web sites of known and reputable charities.
Cybercriminals are becoming more technically savvy and as a result, their phishing e-mails are becoming increasingly more convincing. Researchers at Symantec recently detected a spam campaign in the days that followed the Haiti earthquake, which appeared to come from the British Red Cross. In actuality, the e-mails were from a spammer who ended up pocketing the subsequent donations.
Unlike other phishing attacks, this e-mail is wordy and lengthy, perhaps in an effort to obfuscate the e-mail's true origins. The e-mail is also (more or less) grammatically correct, and contains lots of statistics and factually based information, which also serve to further legitimize the spam e-mail.
However, one dead giveaway that this is a phishing attack is that the cybercriminals request all donations to be submitted via Western Union money transfer. Among other ways, individuals can safely make a charitable contribution to the Haiti relief directly on the Red Cross Web site, which is authenticated by the padlock icon at the bottom of the screen, indicating that the site is secure. There is absolutely no need to go through Western Union, unless of course, you're a spammer.
Once again, hackers have poisoned Google's search engine results in an effort to get their malicious and spam sites at top of the search pages. In this case, submitted by Symantec, the key words were "Haiti Earthquake Donate," however hackers rely on a slew of predictable keywords to move their malicious sites up the ranks. The fake sites appear legitimate, coming in third behind YouTube.
Google ranks its pages based on keyword algorithms, but cannot assess whether or not those pages are legitimate. Word to the wise -- be wary of Haiti charity sites found via Google or Bing search. Instead, go directly to the Web sites of reputable charities, such as the Red Cross, Doctors Without Borders, or Partners In Health.
Here's another phishing attack pretending to be from the Turkish Red Cross. In this phishing attack, provided by researchers at Sophos, the attackers are much more transparent. For one, this phishing attack e-mail is fraught with grammatical errors -- clearly one would think that Red Cross publicists would be better versed in the English language. Meanwhile, the URL originates from somewhere other than redcross.org, constituting yet another reason to be suspicious.
Be safe and delete these and other similar e-mails from your inbox. And stick with verified, bona fide charities.
Symantec detected this rogue antivirus scam, which started popping up on users' computers as the result of poisoned search results that used keywords relevant to the Haiti earthquake. Many sites use Haiti and other related keywords in their subject lines to entice users to visit Web sites that force them to download rogue anti-virus software. To the untrained eye, fake anti-virus looks convincing, and many users ultimately end up installing bogus or malicious software onto their PCs.
However, security experts recommend that in order to stay safe, users need to go right to the source. For news about Haiti, go to trusted news sites such as CNN or The New York Times. Same goes for anti-virus.