"Phishing scams may appear as requests for donations from a charitable organization asking users to click on a link that will take them to a fraudulent website that appears to be a legitimate charity," US-CERT said. "The users are then asked to provide personal information that can further expose them to future compromises."
Since the earthquake in China last week, cyber criminals have been trying to capitalize on the tragedy. The official Red Cross Web site in China was recently hacked in order to steal donations, according to a Chinese news report translated by Scott J. Henderson, who runs a blog called The Dark Visitor. And on Monday, Websense Security Lab reported about a phishing site that "poses as a representative of the Red Cross and provides multiple bank account numbers for donors to wire their donations to."
Jim Clausing, a security researcher at the SANS Institute's Internet Storm Center, observed on Saturday that scammers have been setting up fake sites to collect donations for years.
"Ever since Hurricane Katrina back in 2005, we've seen after every significant natural disaster, the scammers start registering domains and try to collect donations," he wrote in a blog post. "The last two weeks have seen Cyclone Nargis hit Myanmar and then the big earthquake in China and as expected, we've seen registration of domains related to those disasters."
Coincidentally, on Monday, the U.S. Department of Justice charged 38 individuals in the United States and Romania with computer and credit card fraud. Those charged are alleged to have participated in a variety of phishing and 'smishing' -- phishing via SMS -- schemes.