September 01, 2005

Hurricane Scams

Folks, I heard from Brian Krebs of the Washington Post this morning, who wrote:
Katrina Phishing Scams Begin

It was bound to happen. On a hunch that we might see phishing scams popping up that take advantage of the terrible destruction that Hurricane Katrina has wrought on the Gulf Coast, I started looking up new Web address registrations for possible scam sites. In just a few minutes, I stumbled upon Katrinahelp.com, which claims to be a donation site for Katrina victims but was almost certainly constructed to steal Paypal usernames and passwords.

The DNS records have very little information on the registrant, which should be the first red flag. The only information in the DNS record is a P.O. box address registered to one "Demon Moon."

What's more, when you click on the "donate" link on the site, you are taken to a Web site designed to look just like Paypal.com. Only problem is that if you visit the site in Firefox, you will see that the Web address in the URL field is still Katrinahelp.com, when it should be Paypal.com.

Maybe this site tries to pull some tricks to manipulate what you see in that window if you visit the page with Microsoft's Internet Explorer browser, but I don't know. I haven't tried it yet. My advice would be to just stay away from this site altogether. I am sure the authorities will have it shuttered soon anyhow.

This same individual also appears responsible for www.katrinadonations.com and www.katrinarelief.com. If you check out the link at the top of this blog post, you can almost certainly find other newly-registered Web site addresses that scammers are poised to use for hurricane-related fraud.

If you plan to make a contribution to a Katrina relief fund, there are plenty of legitimate organizations online who you can feel confident are not scam artists.

I'd like to think that these sites represent an aberration, but if the wave of scams that emerged in the wake of last year's tsunami in Indonesia is any indication, the scumbag phishers are likely only getting started.

UPDATE, 1:49 p.m. ET: It appears there also are a number of eBay auctions selling Katrina-related domain names. In each auction, the seller claims that a portion of the final auction price will be donated to Katrina relief efforts. One such auction, which promises "3 PREMIUM HURRICANE KATRINA DOMAINS"OURTSUNAMI .COMS" claims it will donate half of the proceeds to the American Red Cross. The starting bid is $15,000.

UPDATE, 2:50 p.m. ET: As I just discovered, and as one reader just pointed out, three sites listed above do in fact route payments through Paypal, so the people who put these sites together don't appear to be trying to steal Paypal usernames and passwords. Still, there is absolutely no guarantee that even one dollar of your donation would ever go beyond the pockets of the folks who put up these sites.

By Brian Krebs August 31, 2005; 12:41
http://blogs.washingtonpost.com/securityfix/2005/08/katrina_phishin.html

No comments:

We Are Back

SmoothStone is excited to announce that we have moved to our new site at: https://smoothstoneblog.net   Look forward to seeing you th...