After the earthquake that hit Haiti last January 12, the Internet was flooded with requests for financial donations from all sorts of companies and organizations. It should be noted that not all of these were true to their stated intentions.
Martin Roesler, Trend Micro Director of Threat Research, warns Internet users to be very careful when clicking links regarding the latest earthquakes in Haiti. “We have already seen fake donation sites, spam, and FAKEAV-related search engine optimization (SEO) poisoning attacks using this event as a social engineering tactic and their number is still increasing. Users who really want to make a donation should ensure that they do so only on trusted sites, that all the security features of their Web browsers are enabled, and that they manually double-check the URLs they are connecting to. Do not trust email messages offering ‘one-click-donation’ or similar services.”
The spammed message above poses as a call for relief goods and donations supposedly from the UNICEF International Response Fund. It even describes the supposed efforts the agency is currently engaging in to assist victims of the recent Haiti earthquake. However, the link to the supposed donation site was found to lead to a phishing page instead.
Users searching for information about the event are also at risk of landing on malicious sites due to SEO poisoning. Clicking poisoned links leads to the installation of TROJ_FAKEAV.ZXS, a FAKEAV variant.
Using tragedies as a social engineering tactic is no longer new to cybercriminals. Natural calamities, celebrity deaths, viral videos, and other controversial stories—just about anything that can create a huge ruckus on the Web—are just some of their staple scam triggers. As such, both the Federal Bureau of Investigation (FBI) and CNET have released articles to make would-be donors aware of these scams so that they can protect themselves.
Trend Micro™ Smart Protection Network™ protects users from threats like these in real time by preventing spammed messages from reaching their inboxes, blocking access to identified malicious sites and domains, and detecting and preventing the download of malicious files.