We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
79,629 News Articles

Beware bogus Haiti online donation scams

British Red Cross email is fake

The FBI is advising people to be careful when evaluating donation programmes related to the earthquake in Haiti as one security firm is already seeing scam emails circulate.

People should apply a "critical eye" to requests for financial donations following Tuesday's earthquake in Haiti, which caused an unknown number of deaths and severe damage to the country's infrastructure.

"Make contributions directly to known organizations rather than relying on others to make the donation on your behalf to ensure contributions are received and used for intended purposes," the FBI said in its advisory.

Scam emails are already emerging.

Symantec noted a so-called 419-style email that purported to come from the British Red Cross.

A 419 scam, named after the number of a statute in Nigeria's criminal code banning the practice, is one in which an email or a letter implores a person to send money for some bogus reason.

Although most people dismiss the appeals, people still do fall for them, especially when they're linked to events such as a natural disaster.

The fake British Red Cross email uses the real London address of the organization, according to Mathew Nisbet, a malware data analyst with Symantec Hosted Services.

The contact email for the British Red Cross is wrong, however, and the organization doesn't collect donations using the Western Union money transfer service, either.

"Any money sent using the instructions in this email would not help anyone in Haiti," Nisbet wrote. "It would end up in the pockets of a cybercriminal."

Other cybercriminals are using the tragedy in Haiti as part of a hook to trick people into visiting other harmful Web sites seeded with fake antivirus applications, according to another security vendor, Websense.

The scammers build a shell of a Web site loaded with, for example, information that purports to relate to the earthquake in Haiti. Using techniques generally banned by various search engines, the scammers are able to get their Web site returned on the first page of results when someone does a search.

Websense researchers show in a video on their blog that, at one point since the tragedy happened, typing "Haiti relief" in Google turned up some of those sites.

When clicked, the sites redirect to other sites hosting fake antivirus programs. Deceptive means are used to trick people into installing the applications. Also, security vulnerabilities can be exploited in order to install the programs. The programs then display pop-up messages and warnings in order to goad users into paying for the programs.

The fake antivirus application scam has become widely prevalent. Security vendor PandaLabs estimated last year that 35 million computers worldwide were infected with those kinds of programs per month.

Haiti Earthquake Appeal - official Red Cross Haiti appeal.

PC security advice


IDG UK Sites

Samsung Galaxy Tab S 8.4 review: The best iPad mini and Nexus 7 rival tablet around

IDG UK Sites

Which Mac? Complete Apple Mac buyers guide for 2014

IDG UK Sites

Mobile email is powerful and useful - but also hopelessly intrusive

IDG UK Sites

Samsung lights up London skyline with Midnight Rainbow