Feeds

Fraudsters target disaster searches again

The usual scumbag sucker-punch

  • alert
  • submit to reddit

Website security in corporate America

Adding to the public’s growing disaster fatigue following the Japan and New Zealand earthquakes, online fraudsters have been prolific in attempts to try and scam charity donors.

According to Symantec’s April report, phishers have been trying to take advantage of the situation in Japan and New Zealand by creating fake donation sites and sending spam donation emails.

The fraudsters using the New Zealand earthquake to their advantage also created a phishing site, based in Austria, spoofing the Red Cross website for New Zealand and requested help from end users. To make the donation, users were required to enter certain confidential information including email address, postal address, credit card number, three digit security number, card expiration date, four digit PIN code, driver license number, and date of birth. Upon entering the required information, the Web page redirected victims to the legitimate Red Cross website.

In the case of Japan, emails were sent containing an image with a link that leads to malware. Once the link is opened, the user is asked to download and install an executable file that is malware related to a Brazilian banking Trojan.

The malware gathers the user’s Internet banking credentials and other sensitive information. The scammers have also been exploiting the relief efforts by sending 419 scam emails that have been prevalent ever since the natural disaster took place, which include a Nigerian styled fake personalized messages that urge people to help the survivors of the earthquake and tsunami while the country is battling a nuclear crisis. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Blood-crazed Microsoft axes Trustworthy Computing Group
Security be not a dirty word, me Satya. But crevice, bigod...
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Freenode IRC users told to change passwords after securo-breach
Miscreants probably got in, you guys know the drill by now
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.