Earlier today, we found a phishing site that poses as a donation site to raise money for the victims of the recent earthquake in Japan. The phishing site http://www.japan{BLOCKED}.com is created by using an open-source social networking system Jcow 4.2.1. It is hosted on the IP address 50.61.{BLOCKED}.{BLOCKED}, which is located in the United States. We’ve confirmed that the site is still active as of this writing.

Aside from hosting a phishing site, the cybercriminals behind this attack also abused the blog function of the website and inserted advertisement-looking posts, possibly to increase the site’s SEO ranking.

Such attacks are not uncommon as we’ve previously documented instances of attacks that leveraged natural disasters such as Hurricane Katrina in 2005, Hurricane Gustav in 2008, Chinese Sichuan earthquake in 2008, the latest attack used the Haiti earthquake in 2010.

Users should remember to choose trustworthy organizations when it comes to handing over their donations.

The Trend Micro™ Smart Protection Network™, through the Web reputation technology already blocks access to this phishing site even if a user is duped into clicking its link.

Update as of March 17, 2011, 10:44 PM Pacific Time

We’ve received report from the Council of Anti-Phishing Japan that they’ve seen a similiar phishing site also leveraging on this tragic event. The phishing page poses as the organization Japan Red Cross Society and asks users to send their donations through PayPal.

The said phishing site is now blocked through the Web Reputation Service. Users are strongly advised to steer clear of such sites, and make sure that they go directly to the websites of their organization of choice when sending donations. The real URL for the Japanese Red Cross Society website is http://www.jrc.or.jp.