02:08 PM
Connect Directly

US-CERT Warns About Phishers Scamming Disaster Donors

Since the earthquake in China last week and the cyclone in Myanmar, cyber criminals have been trying to capitalize on the tragedies, officials say.

The United States Computer Emergency Readiness Team (US-CERT) on Monday warned computer users to be wary of phishing scams related to recent natural disasters in China and Myanmar.

"Phishing scams may appear as requests for donations from a charitable organization asking users to click on a link that will take them to a fraudulent website that appears to be a legitimate charity," US-CERT said. "The users are then asked to provide personal information that can further expose them to future compromises."

Since the earthquake in China last week, cyber criminals have been trying to capitalize on the tragedy. The official Red Cross Web site in China was recently hacked in order to steal donations, according to a Chinese news report translated by Scott J. Henderson, who runs a blog called The Dark Visitor. And on Monday, Websense Security Lab reported about a phishing site that "poses as a representative of the Red Cross and provides multiple bank account numbers for donors to wire their donations to."

Jim Clausing, a security researcher at the SANS Institute's Internet Storm Center, observed on Saturday that scammers have been setting up fake sites to collect donations for years.

"Ever since Hurricane Katrina back in 2005, we've seen after every significant natural disaster, the scammers start registering domains and try to collect donations," he wrote in a blog post. "The last two weeks have seen Cyclone Nargis hit Myanmar and then the big earthquake in China and as expected, we've seen registration of domains related to those disasters."

Coincidentally, on Monday, the U.S. Department of Justice charged 38 individuals in the United States and Romania with computer and credit card fraud. Those charged are alleged to have participated in a variety of phishing and 'smishing' -- phishing via SMS -- schemes.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-04-27
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before iFix8, 6.0.4 before iFix...

Published: 2015-04-27
IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before, and 6.0.5 before requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause...

Published: 2015-04-27
The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generation...

Published: 2015-04-27
The SNMP implementation in IBM WebSphere Application Server (WAS) 8.5 before does not properly handle configuration data, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

Published: 2015-04-27
IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before does not properly implement authData elements, which allows remote authenticated users to gain privileges via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.