Online scammers prep for Gustav, say researchers
Nearly 100 domains registered, perhaps for repeat of Katrina phishing attacks
August 31, 2008 12:00 PM ETComputerworld - Nearly 100 domains related to Hurricane Gustav have been registered in the past 48 hours, security experts said Sunday, some of which may be used by bogus charity and relief scams after the storm strikes the U.S. Gulf Coast.
According to television station KTAL in Shreveport, La., the office of Louisiana's Attorney General Buddy Caldwell has warned residents of Gustav phishing attacks already in progress.
On Saturday, Marcus Sachs, director of the SANS Institute's Internet Storm Center (ISC), noted that numerous domains containing the word "gustav," "charity," "hurricane" and "relief" had been recently registered.
"On the day [Hurricane] Katrina hit New Orleans [in 2005] hundreds of donation sites appeared online, many if not most were scam sites," said Sachs in a post yesterday to the ISC research blog. "Well, this time around, it looks like the people who like to register domain names in anticipation of a storm's arrival have already started registering them for Gustav."
By Sunday, Sachs had listed almost 100 Gustav sites culled from the DomainTools' Web site. "Most of these sites are parked domains and many of them are for sale," he said. "They will be worth monitoring, particularly if 'donate here' messages appear."
Several of the domains, in fact, do appear to be parked, or registered but not fleshed out with content. Others, including helpgustavictims.com and helpgustavvictions.net, were for sale on eBay as of midday Sunday.
A few, however, led to legitimate charities. The domain gustavcharity.com, for example, redirected users to the Web site of the evangelical Christian organization "Samaritan's Purse," while contributegustav.org took users to the Baton Rouge Area Foundation's site.
Another security expert, Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham, also posted a list of parked domains that may be used for scamming purposes. "Anytime we've seen a natural disaster, we've been on the lookup for domains which might be abused for fraud," said Warner Sunday on his blog. "It was only natural then that I retuned my settings at DomainTools yesterday to alert on Gustav domains."
Warner also pointed out a handful of domains that led to legitimate content.
Three years ago, before and after Hurricane Katrina slammed into New Orleans, security researchers noted a similar run-up of domain registrations. Enough were used for phony relief scams, often by identity thieves hoping to trick consumers into divulging personal information, that the U.S. Department of Justice set up a Katrina antifraud task force.
More than a year later, two brothers were convicted on federal charges for running a fake Salvation Army site that solicited money, supposedly for Katrina relief efforts. The pair, Steven and Bartholomew Stephens, were sentenced to more than 100 months in prison for the scam last December.
Hurricane Gustav
Additional Resources



White Papers & Webcasts
Mastering eDiscovery: The IT Manager's Guide to Preservation, Protection & Production
Get this paper now!
Extending Client Refresh - 11 Steps to Maximize Savings
Register Now!
Not Just Words: Enforce Your Email and Web Acceptable Usage Policies
Get this paper now!
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Email Archiving: A Business-Critical Application
Get this paper now!
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
IBM ISS X-Force Threat and Risk Report
Learn about all aspects of threats that affect Internet security.
Consolidate Your Servers and Storage to Lower Costs with Oracle Database 11g
Register for this webcast!
The New World of eCrime: Targeted Brand Attacks and How to Combat Them
Download This Whitepaper Now!
The Commercialization of ITIL: Lessons Learned
Register for this event today!
