Haiti Earthquake: Possible scams / malware
Major news organizations reported earlier about a devastating earthquake in Haiti. Unlike the smaller earthquake a few days ago off the coast of California, Internet routing isn't our biggest concern right now. We may see another wave of on-line donation scams.
During Hurricane Katrina, we saw a lot of domains being registered with domain names targeting the disaster. Since then, the pattern in these schemes changes somewhat. Instead of domain registrations, we see more paid search engine placement ads and twitter "tag" poisoning. I just took a quick look, and didn't see anything obviously illegal. Just a few valid charities advertising their services to donors via modern social media techniques and keyword purchases.
Be aware off:
Fraudulent Organizations: If possible, donate to organizations you know and trust, not to new organizations just set up for this particular event. The IRS maintains a list of tax exempt charitable organizations [1]. This list is not 100% up to date, and it takes a while for a new organization to be added. But it can serve as a first sanity check.
Malware: Malware may be advertised as a video report of the event or come under other pretenses.
Please let us know if you come across any scams!
[1] http://www.irs.gov/app/pub-78/
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
Application Security: Securing Web Apps, APIs, and Microservices | Online | US Eastern | Jan 27th - Feb 1st 2025 |
Comments