US-CERT Warns About Phishers Scamming Disaster Donors

Since the earthquake in China last week and the cyclone in Myanmar, cyber criminals have been trying to capitalize on the tragedies, officials say.

Thomas Claburn, Editor at Large, Enterprise Mobility

May 20, 2008

The United States Computer Emergency Readiness Team (US-CERT) on Monday warned computer users to be wary of phishing scams related to recent natural disasters in China and Myanmar.

"Phishing scams may appear as requests for donations from a charitable organization asking users to click on a link that will take them to a fraudulent website that appears to be a legitimate charity," US-CERT said. "The users are then asked to provide personal information that can further expose them to future compromises."

Since the earthquake in China last week, cyber criminals have been trying to capitalize on the tragedy. The official Red Cross Web site in China was recently hacked in order to steal donations, according to a Chinese news report translated by Scott J. Henderson, who runs a blog called The Dark Visitor. And on Monday, Websense Security Lab reported on a phishing site that "poses as a representative of the Red Cross and provides multiple bank account numbers for donors to wire their donations to."

Jim Clausing, a security researcher at the SANS Institute's Internet Storm Center, observed on Saturday that scammers have been setting up fake sites to collect donations for years.

"Ever since Hurricane Katrina back in 2005, we've seen after every significant natural disaster, the scammers start registering domains and try to collect donations," he wrote in a blog post. "The last two weeks have seen Cyclone Nargis hit Myanmar and then the big earthquake in China and as expected, we've seen registration of domains related to those disasters."

Coincidentally, on Monday, the U.S. Department of Justice charged 38 individuals in the United States and Romania with computer and credit card fraud. Those charged are alleged to have participated in a variety of phishing and 'smishing' -- phishing via SMS -- schemes.
