19 January 2010

Online Criminals Using Haiti Earthquake

Scam Pages
Faye V. Ilogon of GMANews.TV reported that online scammers lost no time in taking advantage of the killer earthquake that devastated Haiti last on Tuesday, 12 January.

Computer security firm Symantec sent out a 'threat bulletin' warning the public that cyber-criminals are out to rip-off Good Samaritans.

Just like in past disasters such as 'Ondoy', they’ve set up poison search results that can infect computers with malware. They’ve also sent phony emails luring people to Web sites devised to steal their money.

The Haitian earthquake scam e-mail sent to Filipino users supposedly comes from a Haitian residing in Manila, with the address 'Haiti Avenue, Manila.' The bogus address alone would have been a dead giveaway. However, hardly anybody checks addresses when confronted by catastrophes.

The scam email then sender explains that he is the chief coordinator and founder of Yele Haiti, a volunteer organization helping the children of Haiti. In reality, the said organization is the brainchild of musician Wyclef Jean.

The sender goes on to ask people to send their donation to their 'regional coordinator accounting officers' in the Philippines via Western Union. The money, according to the sender, would be used to buy 'food, medicine, and vaccines.'

As if to assuage any doubts people may have, the sender assured, "We have a base with the Red Cross and UNICEF in the Philippines [and] from this base we cargo all this material by Air Freight to Haiti."

Security experts urge computer users to follow best practices for online safety and be more cautious when donating money online. Scammers bank on the outpouring of support during catastrophes.

When it comes to donating to a charity online, experts at Symantec advised, "Avoid clicking on suspicious links in email or IM messages as these may be links to spoofed Web sites. Symantec security experts suggest typing Web addresses, such as those from a charitable organization, directly into the browser rather than clicking on links within messages."

They reiterated that it's not wise for anyone to "fill out forms in messages that ask for personal or financial information or passwords."

"A reputable charitable organization is unlikely to ask for your personal details via e-mail. When in doubt, contact the organization in question via an independent, trusted mechanism, such as a verified telephone number, or a known Internet address that you type into a new browser window. Do not click or cut and paste from a link in the message," they added.