Warnings against »disaster scammers« in the wake of hurricane Sandy

Posted on by ESET Ireland

Every major disaster in the recent years like the Indian ocean tsunamis, hurricane Katrina, the Haiti earthquake and the the Japanese earthquake and nuclear disaster has attracted the attention of the lowest form of cybercriminals, the so called “disaster scammers” – people who try to make a profit on either those already victims of the disaster or those trying to help them out. Several US officials and even the FBI have already issued warnings to people about various forms of scams they could become victims of. Among the more common loansharks, fake builders or water-damaged car salesmen, a special mention also went to online scams.

Online, people are mainly targeted through

  1. “Shocking disaster news” or photos, messages or emails with links supposedly leading to yet unseen disaster footage, which usually direct to survey scams or infected drive-by malware download sites
  2. Search engine optimisation, since cybercriminals know people will use search engines to look for news on the topic, they will fill their malicious sites with buzzwords such as “Sandy”, “hurricane”, etc, to lure visitors to their sites, where they can get infected with drive-by malware.
  3. Through fake charities, donation sites, letters from disaster-stricken people, etc.

As an English speaking country, Ireland has been on the receiving end of these scammers in the past, so we expect it to receive its share of related spam this time around as well. Here’s some advice to prevent getting scammed (mostly courtesy of FBI):

  • Do not click on social media and email “shocking news” or “shocking video” links.
  • Do not go to untrusted websites for news.
  • Do not respond to any unsolicited (spam) e-mails, including clicking links contained within those messages because they may contain viruses.
  • Be sceptical of individuals representing themselves as surviving victims or officials asking for donations via e-mail or social networking sites.
  • Beware of organisations with names similar to but not exactly the same as those of reputable charities.
  • Be cautious of e-mails that claim to show pictures of the disaster areas in attached files, because the files may contain viruses. Only open attachments from known senders.
  • To ensure contributions are received and used for intended purposes, make contributions directly to known organisations rather than relying on others to make the donation on your behalf.
  • Do not be pressured into making contributions, as reputable charities do not use such tactics.
  • Do not give your personal or financial information to anyone who solicits contributions. Providing such information may compromise your identity and make you vulnerable to identity theft.
  • Avoid cash donations if possible. Pay by debit or credit card, or write a check directly to the charity. Do not make checks payable to individuals.
  • Legitimate charities do not normally solicit donations via money transfer services.

Stay safe and think before you click!