Criminals kick off Japanese disaster scams at record speed
Use news of earthquake, tsunami to solicit donations, trick users into downloading fake AV software, say experts
Computerworld - Criminals have jumped on Japan's twin earthquake and tsunami disasters at record speed, security experts said today.
Scams range from links to fake anti-virus downloads and phony donation sites to classic online swindles that rely on greed.
"What's surprising this time is how quickly they picked up on the news," said Chet Wisniewski, a security researcher with U.K.-based Sophos. "We knew [scams] were coming, but they started appearing in record-breaking time, less than three hours after the earthquake."
Facebook has been used by cyber-crooks to collect information when users click on a link posing as CNN video footage of the tsunami that struck the eastern coast of Japan Friday, said Sophos in a blog post Sunday.
A record 8.9 magnitude earthquake hit Japan mid-afternoon Friday, and a powerful tsunami struck its northeastern coast minutes later. The death toll may reach into the tens of thousands, according to recent reports.
Scammers are also flooding e-mail inboxes with messages asking recipients to donate money to relief efforts, said Eric Park, a Symantec researcher with the company's anti-spam team.
"This is very typical, especially with disasters, because they can ask for donations or pose as a legitimate charitable organization," said Park today.
Another Symantec researcher noted that other scams have appeared taking advantage of news of the earthquake and tsunami. "Symantec has observed a classic 419 message targeting the Japanese disaster," said researcher Samir Patil in a post to the company's security blog today. "The message is a bogus 'next of kin' story that purports to settle millions of dollars owing to an earthquake and tsunami victim."
A "419" scam is a long-used con -- named for a section in the Nigerian criminal code -- that tries to convince victims to advance funds in the hope of realizing a much larger return.
Crooks have also registered a large number of domains with URLs that may fool users into thinking that they're legitimate donation or relief sites, said Patil, a tactic that can also push those sites higher on search results.
Patil said that Symantec spotted more than 50 such domains within hours of last week's earthquake and ensuing tsunami, all with the words "Japan tsunami" or "Japan earthquake" in their URLs.
Other security companies have seen the same thing. Last Friday, for instance, Trend Micro spotted numerous parked domains -- URLs that had been registered but had zero content -- with words like "help," "earthquake," "japan," "tsunami," "relief," and "donations" included in their titles.
Monday, Trend Micro reported on one phishing site that included "japan" in its URL, saying that the site was harvesting e-mail addresses and other personal information from unsuspecting users.
The Internet Crime Complaint Center (IC3) -- a joint effort by the FBI and the National White Collar Crime Center -- issued an alert last Friday that warned consumers to be wary of responding to donation requests following a disaster like Japan's.
Fake anti-virus vendors have also gotten in on the action, according to the SANS Institute's Internet Storm Center (ISC). Makers of the bogus security software -- often called "rogueware" to denote that the essentially worthless programs nag users with multiple pop-ups and fake alerts to pay for the software -- stay atop breaking news by automatically poisoning search engine results with links to their wares.
The ISC came up with a tally of 1.7 million poisoned pages that tout the earthquake and tsunami, a number beyond even Google's ability to rapidly delete.
Users should donate only to legitimate organizations, and only through those groups' Web sites, experts said today. The American Red Cross, for example, is taking donations on its site.
"And remember, many communities have set up their own charity programs, so if you're not sure about a solicitation, go to your local charity, like your local branch of the Red Cross," said Wisniewski.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed. His e-mail address is email@example.com.