Figure 1. Latest satellite image from the U.S. National Weather Service shows a fading Hurricane Gustav.
The SANS Internet Storm Center has recently warned online users on possible Hurricane Gustav donation scams, noting that there was a rush in the registration of domains with names related to Gustav relief efforts.
The list of newly registered sites has the word Gustav with aid, relief, or recovery attached to it. While there may be nothing malicious with these domains now, it’s very probable that cyber criminals may be attempting to use them for malicious (or illegal) purposes soon.
Exploiting natural disasters (or any other celebrity or global news) for profit is really not a new online threat. One of the more current examples is the spamming operation that followed the massive earthquake that hit China last May, where recipients were given contact information on where they could send their money. Malware authors have also used Hurricane Katrina before as subject of email messages to lure users into installing malware into their systems.
US-CERT has also issued a reminder to online users to be skeptical of unsolicited email messages related to Hurricane Gustav, as these may lead them to phishing Web sites or other scams.
Because it’s an industry now, Web criminal activity is conducted through every means available — the more common examples being spammed email messages and bogus Web sites. Generosity is a wonderful thing, but making sure that donations go to their intended recipients should always come with it.
If you feel compelled to donate online for any natural disaster relief efforts, use known reputable sources such as the Red Cross.