Cybercriminals exploit disaster in Haiti to spread Web scams

In the past, Websense has brought to light many examples of hackers and fraudsters taking advantage of the most popular trends on the Internet to exploit people. Unfortunately, this activity is not limited to just the pop culture elements of today’s news, but also pervades tragic occurrences as well.

This week, Websense Security Labs has detected a number of online scams and malicious exploits pertaining to the recent earthquake and relief efforts in Haiti.

From scam Tweets and spam emails soliciting donations for fraudulent charities, to SEO poisoning – attackers are using multiple vectors to exploit users.  Individuals should be careful clicking on links when searching the Web using popular terms including “Haiti current news”, “Haiti earthquake wiki”, “Haiti death count”, “Haiti disaster” and “Volunteers to Haiti.”

This blog post from the Websense Security Labs explains how cybercriminals use SEO poisoning techniques to get their fraudulent charity Web sites and rogue antivirus attacks into the top search results on search engines like Google and Bing: http://securitylabs.websense.com/content/Alerts/3524.aspx?cmpid=prblog.

Using the Websense ThreatSeeker Network, which scans more than 40 million Web sites and 10 million emails each hour looking for the latest threats, the Websense Security labs has also uncovered examples of spam emails that are soliciting donations for fraudulent charity.

This screenshot shows a spam email that purports to be from the “International Red Cross.” However, it is fraudulent and any donations sent to this source are actually sent to fraudsters:

Similarly, this screenshot shows an example of other types of spam emails that are circulating. These emails use a subject line related to the earthquake as a lure to entice users to open the email and click on links or download attachments. Clicking on those links or downloading the attachments can lead to rogue antivirus sites or other types of malicious elements that will infect the user’s computer.

Lastly, the Websense Security Labs has also discovered examples of Twitter accounts spreading spammy or malicious links. In the screenshot below, the Twitter account is spreading a link that claims to provide news about the situation in Haiti. However, the link actually leads to a dubious Web site dedicated to get rich quick schemes for making money at home:

Websense Web and email security customers are protected from these and other types of attacks. 

In addition to the protection provided by Websense security solutions, here are some tips for staying safer online:

• Do not reply to any unsolicited emails, especially those soliciting donations. Do not click on links in unsolicited emails. If you want to donate to the cause, work with a charity that you have used before and can verify the legitimacy of.
• Be skeptical of anyone claiming via email or social networking sites to be surviving victims or officials asking for donations.
• Verify the legitimacy of non-profit groups by independently checking the group’s existence and reputation, rather than relying on a purported link to the group’s site.
• Be cautious of emails claiming to show photos of the disaster area in attached files. The files may contain computer viruses. Only open attachments sent by people or groups you know and trust.
• Make contributions directly to known charitable organizations, rather than relying on others to relay your donation. Preferably, work with charities that you have donated to before, or that are located in your community. Manually type the URL of a reputable charity’s Web site into your browser rather than follow a link from an email. Or better yet, call the charity directly on the phone to make your donation.
• Never give your personal or financial information to anyone who solicits contributions. Providing that information opens the door to identity theft.
• Do not trust sites that claim to have discovered viruses on your computer. Immediately close your browser window. These sites are often rogue antivirus sites that will infect your computer or take your money as part of a claim that they are cleaning your computer from infection.