Officials warn of scams in the wake of the disasters in Japan. Here's how to avoid them.
Elinor MillsFormer Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
In every disaster scammers see an opportunity, and the crisis in Japan is no exception. Already there have been fake Red Cross e-mails circulating and there will no doubt be more scams coming.
Those e-mails appear to come from the British Red Cross. They provide some news on the earthquake and tsunami in Japan and urge people to donate to a Yahoo e-mail address on a Moneybookers account, a money transfer service that enables recipients to remain anonymous, according to App River, an e-mail hosting and security services provider.
However, real charities have e-mail addresses with their own domain and typically send people to their own Web site to make donations.
E-mails seeking "donations" via random payment services are just one way scammers can exploit catastrophes. E-mails can also include links or attachments that lead to phishing or malware-hosting Web sites. And scammers can sneak Web sites hosting malware into Web searches based on popular search terms and even create new topical Web sites solely for the purpose of hosting malware.
Here are tips for avoiding scams that piggyback on disasters and other high-profile events:
• Do not follow unsolicited Web links or attachments in e-mail messages. Be particularly cautious about clicking on photos and videos that purport to show dramatic images or footage of disasters as they can be used as bait and lead to malware.
• Do not provide sensitive information, such as bank account information or Social Security number, in response to an e-mail.
• Keep your antivirus and other software up to date.
• Verify the legitimacy of the e-mail by going directly to the charity's Web site or calling the group.
• Find out details about the organization by searching on the Better Business Bureau's site, or GuideStar. Attorneys general often have searchable databases of charitable groups in their states. (California's, for example, is here.) The U.S. Agency for International Development (USAID) also has valuable information about how best to help victims in international disasters.
• Be wary of sites that resemble legitimate organizations or that have copycat names that are similar to reputable organizations. For instance, most legitimate charitable organizations will have a Web address that ends in ".org" instead of ".com."
• Be skeptical of people claiming to be survivors and asking for donations via e-mail or social networks.
• Ask how much of the donation goes to charity and how much goes to administration.
• Use credit cards or checks; do not send cash. Do not make checks payable to an individual. Only provide your credit card information once you feel certain that the organization is credible and do not use money payment services to make contributions.
• Do not feel pressured into giving donations.
Update 11:45 a.m. PT: GFI Labs blog is reporting on Twitter spam with a link that leads to a brand new site purporting to sell an electronic book on how to "minimize your chances of [getting] radiation sickness." And Sophos reports on malware circulating that poses as links to videos about the Japanese tsunami, as well as dangerous links sent via Twitter notifications.
Update 2:42 p.m. PT: GFI Labs blog is reporting about e-mails coming from "ICRC Basedhelping Foundation" that are seeking disaster donations. Kaspersky also is reporting about Japan quake-related e-mails with links in them that lead to pages with Java exploits designed to install malicious programs.
Update 4:42 p.m. PT: Sophos reported over the weekend about a clickjacking attack in which Facebook users were tricked into liking a YouTube video link that purported to show video of a whale hitting a building during the tsunami in Japan.