The deadly twisters that ripped through Kansas this week and the historic floods sweeping through the Upper Midwest will soon give rise to donation scams and malicious attacks, the SANS Storm Center warned on Friday.
Johannes Ullrich, the center’s chief technology officer, told SCMagazineUS.com that he is tracking at least a dozen websites that have been registered with URLs related to the storm — names such as www[dot]iowafloods[dot]com.
Most are parked, but could become active sites within days, he said.
If they do, chances are the sites will host bogus donation drives — a phishing technique that first became prominent following Hurricane Katrina and the Asian tsunami, Ullrich said. These same sites could also be used to house a malicious software attack.
In one possible scenario, unsuspecting users may be lured to a website claiming to contain video of the wicked weather, Ullrich said. But when they try to install a codec to view the video, victims’ machines are slapped with a trojan.
He said he would not be surprised if these emails start spreading around in large numbers thanks to help from a botnet such as the Storm Worm.
The Storm Worm, interestingly, first appeared in January 2007 after a deadly wind storm battered Europe.
Ullrich said social engineering that hones in on disasters is an effective money-making method for cybercrooks.
“People are interested in it and want to learn more about it,” he said. “They don’t really think a disaster can be used maliciously.”
There is nothing illegal about registering websites that refer to these natural disasters; however they will be taken down at the first signs of malicious intent, domain registrars have said.
Businesses are encouraged to educate users on the dangers of visiting untrusted websites.
“Definitely don’t donate to any of these websites,” Ullrich said, offering an example.
“Go to the Red Cross site, not a website that claims to be set up by the Red Cross,” he said.
Laura Howe, a spokeswoman for the American Red Cross, told SCMagazineUS.com that individuals wishing to donate to the organization “should always know that the official giving portal is through redcross.org.”
Should someone use the Red Cross name for fraudulent purposes, the organization will contact authorities, she said. Legitimate sites wishing to collect funds for the group can sign a third-party fund-raising agreement.
Ken Dunham, director of global resopnse at iSight Partners, a risk analysis firm, said ploys preying on disasters and other big news events are nothing new – but users need to keep their guards up.
“People need to realize that just because it looks legitimate doesn’t mean it is,” he said. “Businesses can come and go in a night on the internet.”
The IRS contains a searchable list of verified charities on its website.