advertise here



Industry Comment Research   RSS Feed

Webinars Buyers' Guide Podcasts

Related Publications Foward Features




  In partnership with:

28 May 2008

Hackers cash in on disasters

Rob Stringer


The recent ‘cyclone Nargis’ in Burma and the earthquake in China have led to the detection of a number of exploitative online scams.

"There are a number of requests for companies to donate funds to disaster relief organisations being sent via email on the internet," warned David Hobson, managing director of IT security organisation, GSS.

“Unfortunately, most of these email appeals are actually phishing requests, which means that anyone `donating' via the suggested websites may find themselves asked for a variety of personal or company information which could be used for identity theft".

Examples of phishing might include a letter, ostensibly sent from a charity, a victim of the disaster, or a relative, describing their situation in order to gain sympathy before asking for financial help.

Many users are well-accustomed to phishing, and are aware of the caution required on receiving such e-mails, however the disasters have also effected a number of Trojan horses.

These attacks have entered inboxes detailing news on the Chinese disaster. The recipient is invited to open an attached word file, containing an alleged update.

In opening the attachment, the user allows the Trojan horse to download malware onto the computer.

The sheer proportion of scams has been so wide-spread that US Computer Emergency Readiness Team (CERT) have been compelled to issue a warning advising severe caution.

Those wishing to help those affected by the tragedies are advised to donate through professional channels, such as the Red Cross. However, it seems that even this does not ensure a safe transaction after it was recently reported that the official Red Cross website in China had been hacked in order to steal donations

"Over the last few weeks, we've already seen several examples of cybercriminals trying to exploit the natural disasters suffered by China and Burma, and it seems there's no end to their tactics," affirmed Graham Cluley, senior technology consultant for Sophos.

"To avoid falling victim, computer users need to use their common sense and not open emails from people they don't know. By deleting them straight away, you're cutting the fraudsters off before they even have the chance to trick you into giving them money as they pose as victims of the tragedy, or try and install malware on your computer."

Sam Masiello, director of threat management at MX Logic described the opportunistic attacks as ‘sickening’, warning that “we’ve seen this type of scam before after Hurricane Katrina back in 2005 and the Indian tsunami in 2004 and now we are sure to see more scams over the coming weeks that purport to be from relief organisations, and companies who claim to be affiliated with them.”

News index



 

 
Search this Site:
Google Custom Search



Click here...