Just over a week ago, we posted a social engineering watch about Hurricane Gustav and how this potential catastrophe might be leveraged by social-engineering criminals to victimize online users.
Now here’s a concrete Web incident to back that warning.
The Hurricane Gustav connection is not really that apparent in the following spammed email message:
It informs recipients that they received a postcard, and if they desire to view it, they should click any of the two links in the message body. Recipients who are lured into believing that some family member actually have sent them a postcard are redirected to the following Web page when they click either link:
The nameless family member (one would immediately notice that this is so impersonal) who sent the postcard also wants the recipient to donate to Gustav victims.
A well-crafted “postcard” and a chance to help people in need, how heartwarming! But only if there indeed was a legitimate card, and only if the money actually went to those affected by the hurricane. Even if the Web site says so, donations through this dubious channel do not go to Red Cross. The criminals behind this scam are the only ones who get to keep the money.
Trend Micro Smart Protection Network already blocks these email messages and keeps them from even reaching users’ inboxes. Smart Protection Network uses correlation technology to analyze disparate computer activities and behavior to determine whether malicious activity is present.
Donations should be made only through reputable sources like Red Cross, whose legitimate Web site is http://www.redcross.org/.