Katrina Spawns Scam Scum
Homeland Security officials urge users to beware of hurricane-related phishing attacks
September 3, 2005
Sick fraudsters are using the tragic events in New Orleans and the Southern U.S. to defraud unsuspecting users with elaborate email scams, warns the U.S Department of Homeland Security.
In the aftermath of hurricane Katrina, the Departments U.S Computer Emergency Response Team (US-Cert) has received reports of multiple sites attempting to trick users into donating money to fraudulent organizations. This form of scam, known as phishing, has already caused concern in other parts of the IT industry and the U.S. government (see Gates Opens Up on Security and U.S.: Al Qaeda Eyeing Cyber Threats).
Officials warn that the latest spate of phishing emails may appear as requests from a charitable organization asking users to click on a link. They are then taken to a bogus Website, where they are asked for their personal information.
With these scam emails expected to increase, officials are urging users not to follow unsolicited Web links in email messages.
The agency also recommends users check the Federal Emergency Management Agency Website for a list of legitimate charities.Graham Cluley, senior technology consultant at security analyst Sophos plc, agrees that this activity is on the rise as criminals prey on the goodwill of unsuspecting people. “They really are in the gutter,” he says, adding that email scammers have already attempted to exploit the deaths of U.S. servicemen in Iraq and even the London terrorist attacks.
Sophos has already monitored “thousands” of scam emails linked to hurricane Katrina. “This seems to be a fairly active spam campaign,” Cluley notes. “I received half a dozen emails myself.”
Cluley also warns that by clicking onto a bogus Website, users could find their PCs infected by malware. “Once infected, the computer is under the control of remote criminal hackers who can use it to spy, steal, or cause disruption."
Users should take a number of precautions to avoid this happening, says Cluley. “You should keep your antivirus protection up to date, download security patches from Microsoft, and don’t blindly click on links sent to you in emails."
And the analyst warns that users should also be on the lookout for telltale signs of a scam, such as random characters in the email’s subject line. These, he says, are designed to circumvent the more basic anti-spam filters.— James Rogers, Site Editor, Next-Gen Data Center Forum
You May Also Like