Before the rescue efforts in Japan got under way, the internet scammers sprung into action. How low can people go, asks CyberShrink.
Probably no country is better prepared for disasters than Japan, and in response to such dramatic images on world-wide television, offers of help poured in, and international rescue teams gathered and flew in.
But what a comment it is on technology and human evil, that before any of these rescue efforts really got underway, internet scammers and thieves sprang into action. In less than three hours after the earthquake, they already had projects underway. The usual seedy fake anti-virus download scams cashed in on the horrors in Japan, phoney donation sites sprang up, and spam poured out begging us to donate money to non-existent victims of the quake.
Many of us are kindly, sincere, caring and naïve enough to be exploitable, and there are predators out there without a scrap of shame, who will be glad to pocket your money, and anything else they can steal.
Symantec which keeps an eye on such online malice, reported tsunami variations on the classic 419 scam we usually associate with Nigerian millionaires needing our help - and a cash advance from us - to move vast sums of money and make us filthy rich. Now it's a fake "next-of- kin" story trying to settle millions of dollars from a flood victim.
The criminals rushed to register many domain names and URLs that sound like legitimate sites through which you might support relief or other aid. These soon crept up the search results, so as to be most easily found. Within hours, over 50 appeared, with "Japan tsunami" or "Japan earthquake" in the URL. Piles of such domains were parked (that is, registered but as yet devoid of content) with titles including words like Japan, tsunami, earthquake and relief or donations. Already at least one phishing site with a "Japan" URL has been harvesting e-mail addresses and other personal data from naïve users.
The SAN Institute's Internet Storm Center (ISC) followed rogueware crooks, who promote fake security software, and who work to contaminate search engine results with links to their muck. The ISC identified 1.7 million suspect pages mentioning earthquake and tsunami, more than even the best efforts of Google or similar search engines can identify and delete rapidly. They are using state-of-the-art keyword seeding methods, using words selected from those provided unfortunately by Google's own "hotttrends" service. (Check for details here)
Similarly, Facebook clickjacking frauds have been at work, such as those claiming to be about a freak tsunami event which "launched a whale into a building". Check for further details here and here.
If you wish to help the victims in Japan, do not donate a cent or give any personal details to any site you might find, other than your genuine local Red Cross site, or other accredited and reputable longstanding sites, including Rotary International. One can also check out the legitimacy of charities on sites such as Charity Navigator.
At the time of the Hurricane Katrina disaster, the U.S. Department of Justice set up the National Center for Disaster Fraud. They work with the FBI and many other agencies, to pursue such scammers, and should you experience such an attempt, you can report it to them at: firstname.lastname@example.org
Didn't Dante allocate space in the eighth circle of Hell for people who profit from the misery of others? Must be getting rather crowded down there, lately.
(Professor M.A. Simpson, aka CyberShrink, March 2011)