Within hours of last Tuesday's earthquake in Haiti, charities and concerned individuals were scrambling to respond to the catastrophe. From the American Red Cross to Doctors Without Borders, Food for the Hungry to Habitat for Humanity, dozens of organizations were marshaling resources and determining where they could offer aid. At the same time, online scammers were also getting ready. Faced with a tragedy of unbelievable proportions, they recognized that there would soon be a massive wave of public support and moved quickly to divert some of the rich stream of money into their wallets.According to SC Magazine, within an hour of the earthquake, there was a 1,578% increase in Internet traffic related to Haiti and a 5,407% increase in bandwidth usage for Haiti URLs. But this massive outflow of interest had a dark side: malware programs quickly began using search engine optimization to draw visitors to scam earthquake sites.
FBI Puts Up A Scam Alert
Within a day, Websense had identified three malware programs that were drawing in users looking to give charitable donations. The FBI also put up an alert, offering security guidelines for people hoping to make donations. A few days later, it joined with the National Center for Disaster Fraud to establish a hotline for reporting suspicious Haiti websites.
Among some of the purported scams, the link "Haiti earthquake donate" reportedly leads to a suspect website, SC Magazine said. And an FBI website warned of individuals receiving unsolicited emails asking for donations for quake victims.
The Haiti crisis highlights the increasing speed and sophistication of online scams. Part of the reason that cyber-criminals were able to quickly exploit the earthquake is because they have begun to employ long-term business strategies. According to Kurt Roemer, chief security strategist with software company Citrix systems, cyber-criminals have learned to bide their time: "They don't take advantage of security vulnerabilities immediately. Instead, they wait until it is economically viable to do so."
Disasters Make People Less Careful
These vulnerabilities include compromised email addresses, programs that harvest passwords, and even infected Facebook applications. Scammers can use this information to access online accounts, send deceptive emails and otherwise trick users into giving money to nonexistent charities.
Under normal circumstances, this would be a minor problem, but disasters like the earthquake in Haiti make many givers less careful about checking out the sites that they use to send money. By manipulating this generosity, scammers can get hold of bank and credit card information, as well as passwords and email contact information.
While catastrophes make charitable givers more vulnerable, they are also dangerous for criminals. Roemer notes that disasters are a "Ripe time to uncover operations and shut them down." When tragedies like Haiti draw scammers into the open, security professionals at Apple (AAPL), McAfee (MFE), Symantec (SYMC), Sans.org and other companies are often waiting.
Many Scammers Are Overseas
Unfortunately, many of these criminals are based in Nigeria, Eastern Europe, Asia and other areas where the laws governing cybercrime are lax or nonexistent. But, by uncovering their methods, security professionals are able to make the Web safer.
Roemer offers a few key techniques for maximizing online safety during a crisis. First, he suggests that users make their donations on known, reputable sites like the American Red Cross or iTunes. Also, he notes that many employees can securely donate through their employers, and some companies will even match funds.
Another tip is to go directly to charitable sites, google the companies and otherwise check out the organization that is collecting money. Most important, he stresses the need to "care responsibly."
Take the first steps to building your portfolio.View Course »