Criminals kick off Japanese disaster scams at record speed
Use news of earthquake, tsunami to solicit donations, trick users into downloading fake AV software, say experts
Computerworld - Criminals have jumped on Japan's twin earthquake and tsunami disasters at record speed, security experts said today.
Scams range from links to fake anti-virus downloads and phony donation sites to classic online swindles that rely on greed.
"What's surprising this time is how quickly they picked up on the news," said Chet Wisniewski, a security researcher with U.K.-based Sophos. "We knew [scams] were coming, but they started appearing in record-breaking time, less than three hours after the earthquake."
Cyber-crooks have used Facebook to collect information from users who click on a link posing as CNN video footage of the tsunami that struck the eastern coast of Japan Friday, Sophos said in a blog post Sunday.
A record 8.9 magnitude earthquake hit Japan mid-afternoon Friday, and a powerful tsunami struck its northeastern coast minutes later. The death toll may reach into the tens of thousands, according to recent reports.
Scammers are also flooding e-mail inboxes with messages asking recipients to donate money to relief efforts, said Eric Park, a Symantec researcher with the company's anti-spam team.
"This is very typical, especially with disasters, because they can ask for donations or pose as a legitimate charitable organization," said Park today.
Another Symantec researcher noted that other scams have appeared taking advantage of news of the earthquake and tsunami. "Symantec has observed a classic 419 message targeting the Japanese disaster," said researcher Samir Patil in a post to the company's security blog today. "The message is a bogus 'next of kin' story that purports to settle millions of dollars owing to an earthquake and tsunami victim."
A "419" scam is a long-used con -- named for a section in the Nigerian criminal code -- that tries to convince victims to advance funds in the hope of realizing a much larger return.
Crooks have also registered a large number of domains with URLs that may fool users into thinking that they're legitimate donation or relief sites, said Patil, a tactic that can also push those sites higher on search results.
Patil said that Symantec spotted more than 50 such domains within hours of last week's earthquake and ensuing tsunami, all with the words "Japan tsunami" or "Japan earthquake" in their URLs.
Other security companies have seen the same thing. Last Friday, for instance, Trend Micro spotted numerous parked domains -- URLs that have been registered but had zero content -- with words like "help," "earthquake," "japan," "tsunami," "relief," and "donations" included in their titles.
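A defender watching a feed of newly registered domains can triage for the naming pattern described above. The following is an added example, not code from Symantec, Trend Micro or this article; the feed entries, the allowlist and the verdict labels are constructed assumptions.

```python
import re

# Keyword groups taken from the domain names the article describes.
EVENT_TERMS = ("japan", "earthquake", "tsunami")
APPEAL_TERMS = ("help", "relief", "donat")   # "donat" covers donate/donation(s)

# Assumption: registrable domains the organisation already trusts.
KNOWN_GOOD = {"redcross.org"}

def registrable(domain):
    """Naive last-two-labels reduction; production code should use the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def matched_terms(domain, terms):
    """Terms present in the name once the TLD, hyphens, dots and digits are stripped."""
    name = domain.lower().rstrip(".").rsplit(".", 1)[0]
    name = re.sub(r"[^a-z]", "", name)
    return sorted(t for t in terms if t in name)

def classify(domain):
    if registrable(domain) in KNOWN_GOOD:
        return "allowlisted"
    events = matched_terms(domain, EVENT_TERMS)
    appeals = matched_terms(domain, APPEAL_TERMS)
    if events and appeals:
        return "review-high"      # disaster keyword plus a donation appeal
    if len(events) >= 2:
        return "review"           # e.g. "japan" + "tsunami", possibly still parked
    return "ignore"

# Constructed sample feed; the .example names are placeholders, not observed domains.
SAMPLE_FEED = [
    "japan-tsunami-relief.example",
    "japanearthquake2011.example",
    "help-japan.example",
    "www.redcross.org",
    "japan-relief.redcross.org.donate.example",  # trusted name used only as a subdomain
    "tsunami-warning-systems.example",
]

def triage(feed):
    return {d: classify(d) for d in feed}

if __name__ == "__main__":
    for domain, verdict in triage(SAMPLE_FEED).items():
        print(f"{verdict:12} {domain}")
```

The allowlist is checked against the registrable domain, so a trusted name appearing only as a subdomain label of another domain is still flagged for review.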
Monday, Trend Micro reported on one phishing site that included "japan" in its URL, saying that the site was harvesting e-mail addresses and other personal information from unsuspecting users.
The Internet Crime Complaint Center (IC3) -- a joint effort by the FBI and the National White Collar Crime Center -- issued an alert last Friday that warned consumers to be wary of responding to donation requests following a disaster like Japan's.
Fake anti-virus vendors have also gotten in on the action, according to the SANS Institute's Internet Storm Center (ISC). Makers of the bogus security software -- often called "rogueware" to denote that the essentially worthless programs nag users with multiple pop-ups and fake alerts to pay for the software -- stay atop breaking news by automatically poisoning search engine results with links to their wares.
The ISC came up with a tally of 1.7 million poisoned pages that tout the earthquake and tsunami, a number beyond even Google's ability to rapidly delete.
Users should donate only to legitimate organizations, and only through those groups' Web sites, experts said today. The American Red Cross, for example, is taking donations on its site.
"And remember, many communities have set up their own charity programs, so if you're not sure about a solicitation, go to your local charity, like your local branch of the Red Cross," said Wisniewski.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed. His e-mail address is firstname.lastname@example.org.