Since 09-07-05
Online scams emerge in Katrina's wake
Since 09-07-05
From: Waspscpo@aol.com
Sent: Wednesday, September 07, 2005 12:08 AM
To: undisclosed-recipients:
Subject: Online scams emerge in Katrina's wake
http://msn-cnet.com.com/Online+scams+emerge+in+Katrinas+wake/2100-7349_3-5845695.html?part=msn-cnet&subj=ns_5845695&tag=tg_nl
Online scams emerge in Katrina's wake
September 1, 2005
By
Dawn Kawamoto
Staff Writer,
CNET News.com
Hurricane Katrina has spawned more than misery and destruction--a new wave of
scam e-mails and Web sites are exploiting the tragedy.
Phony Web sites and e-mails, purporting to offer help to hurricane victims or
provide more news on the destruction, are making their rounds on the Internet,
security experts said Thursday.
One spam campaign that's circulating offers breaking news reports but tricks
people into clicking a link that takes them to a bogus Web site,
according to security firm Sophos
http://dw.com.com/redir?destUrl=http%3A%2F%2Fwww.sophos.com%2Fvirusinfo%2Farticles%2Fkatrina.html&siteId=3&oId=2116-7349-5845695&ontId=1009&lop=nl.ex
. The site attempts to exploit vulnerabilities in Internet Explorer and install
malicious code, including the Troj/Cgab-A Trojan horse, on a victim's system
Sophos said.
Some of these e-mails carry subject headers such as "re: g8 Tropical storm
flooded New Orleans" and "re: q1 Katrina killed as many as 80 people." "If users
click on the link contained inside the e-mail, they will be taken to a malicious
Web site which will try and infect their computer," Graham Cluely, senior
technology consultant for Sophos, said in a statement.
"Once infected, the computer is under the control of remote criminal hackers who
can use it to spy, steal or cause disruption." Other bogus e-mails are
circulating that ask people to aid hurricane victims and their families by
clicking on a PayPal button to make a donation, said Johannes Ullrich, chief
research officer for the Sans Institute.
"They're using PayPal because it allows them to be more anonymous. But if you
reply and ask them for their address to mail the check, they don't respond,"
Ullrich said, noting that in many cases it is difficult to ascertain whether the
e-mail is legitimate.
He advised people to ask the organization for its nonprofit tax ID before making
a donation. That ID number can be checked against the
database housed by the Internal Revenue Service
http://dw.com.com/redir?destUrl=http%3A%2F%2Fapps.irs.gov%2Fapp%2Fpub78&siteId=3&oId=2116-7349-5845695&ontId=1009&lop=nl.ex
. Consumers should also review the list of reputable nonprofit agencies posted
on the
Federal Emergency Management Agency Web site,
http://dw.com.com/redir?destUrl=http%3A%2F%2Ffema.gov&siteId=3&oId=2116-7349-5845695&ontId=1009&lop=nl.ex
he said.
Scams perpetuated on the Internet following a disaster are nothing new. However,
Katrina-related scams seem to be appearing faster than those linked to
relief efforts after the Asian tsunami
http://msn-cnet.com.com/Man+arrested+for+tsunami+e-mail+scam/2110-1038_3-5540174.html?tag=nl
late last year, Ullrich said. "The (fraudulent) activity level is about the
same, but maybe faster," he said.
"It could be because it's a hurricane and you can plan for it. Some of the
domain names with a hurricane suffix are already taken up, because (the United
Nations World Meteorological Organization) comes out with a list of names that
goes out six years in advance."
Currently, there are 106 Web sites that are registered with the name Katrina and
hurricane, weather, disaster, relief or fund included in the domain, according
to security monitoring company Websense.
Of those, roughly a third lack original content and have notices indicating they
are under construction, coming soon, or the domains are up for sale, Websense
said.
------------------------------------------------
Contributed,
YNCS Don Harribine, USN(ret)