More than a week has passed since Typhoon Haiyan made landfall over the central Philippines, leaving thousands dead or injured, with millions more in need of humanitarian assistance. More than US$248 million in relief has been given both by governments and the private sector to date.
Unfortunately, many scams have already taken advantage of this disaster. For example, fake Facebook pages (like this one) ask for donations via PayPal, which end up in the hands of would-be scammers rather than the hands of legitimate charities:
Figure 1. Facebook page for Haiyan-related scam
This particular Facebook page actually asks users to visit the scammer’s own blog, which asks users to make a “donation” via PayPal. The scammers go so far as to take users to the PayPal payment page, where it becomes clear that the user is sending money to somebody’s personal account and not a legitimate charity.
Fake Facebook pages aren’t the only type of scam that took advantage of the calamity. We spotted several spammed messages with Typhoon Haiyan as the subject. These messages often required the recipients to give their personal information or send money via wire or bank transfers.
Figure 2. Typhoon-themed spam
While it might seem deplorable to take advantage of natural disasters, it’s simply business for cybercriminals. In previous disasters – like the 2011 tsunami/earthquake in Japan – attackers have taken advantage of the tragedy to create phishing pages, spam attacks, and blackhat SEO attacks.
How can users protect themselves from these scams and make sure that their donations end up in the right hands? Here are some useful tips.
- Give to organizations you know and/or trust. Some scammers will try to pass themselves off as new charities established expressly for this disaster. Instead, donate to well-known charities that have been around for years. Alternatively, smaller organizations that you personally know and trust to be reliable can also be a safe choice.
- Be careful about appeals from social media and e-mail. Appeals to donate to various charities are spreading both via social media and e-mail messages. While many, if not most, of these are not scams, some will be. Some may be appeals from fake charities; others may just be lures to direct users to malicious websites. In either case, be careful about listening to these appeals. If you do decide to give to an organization whose appeal you saw this way, go directly to their site by typing their URL into the address bar or using a search engine. This will help minimize the risks from potentially malicious links.
- Check the payment site carefully. If you’re making a donation online, check the payment site as carefully as you would any other online payment. Whether you’re entering your credit card information directly or using some other online payment site (like Amazon, Google, or PayPal), be aware that these can be phished as well.
There are many charities that could use your donations, but this is not the time to let your guard down. These tips can help ensure that your donation gets to where it is needed the most. We also note that you can make donations to the American Red Cross from inside Facebook itself; details can be found in their official blog.
With additional insights from Merianne Polintan