• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Bad Sites   »   Watching Out For Typhoon Haiyan Scams

Watching Out For Typhoon Haiyan Scams

  • Posted on:November 19, 2013 at 10:28 pm
  • Posted in:Bad Sites
  • Author:
    Arabelle Mae Ebora (Fraud Analyst)
0

More than a week has passed since Typhoon Haiyan made landfall over the central Philippines, leaving thousands dead or injured, with millions more in need of humanitarian assistance. More than US$248 million in relief has been given both by governments and the private sector to date.

Unfortunately, many scams have already taken advantage of this disaster. For example, fake Facebook pages (like this one) ask for donations via PayPal, which end up in the hands of would-be scammers rather than the hands of legitimate charities:

Figure 1. Facebook page for Haiyan-related scam

This particular Facebook page actually asks users to visit the scammer’s own blog, which asks users to make a “donation” via PayPal. They go so far as to take them to the PayPal payment page – where it becomes clear that the user is sending money to somebody’s personal account and not a legitimate charity.

Fake Facebook pages aren’t the only type of scam that took advantage of the calamity. We spotted several spammed messages with Typhoon Haiyan as the subject. These messages often required the recipients to give their personal information or send money via wire or bank transfers.


Figure 2. Typhoon-themed spam

While it might seem deplorable to take advantage of natural disasters, it’s simply business for cybercriminals. In previous disasters – like the 2011 tsunami/earthquake in Japan – attackers have taken advantage of the tragedy to create phishing pages, spam attacks, and blackhat SEO attacks.

How can users protect themselves from these scams and make sure that their donations end up in the right hands? Here are some useful tips.

  • Give to organizations you know and/or trust. Some scammers will try to pass themselves off as new charities established expressly for this disaster. Instead, donate to well-known charities that have been around for years. Alternately, smaller organizations that you personally know and trust to be reliable can also be a safe choice.
  • Be careful about appeals from social media and e-mail. Appeals to donate to various charities are spreading both via social media and e-mail messages. While many, if not most, of these are not scams, some will be. Some may be appeals from fake charities; others may just be lures to direct users to malicious websites. In either case, be careful about listening to these appeals. If you do decide to give to an organization whose appeal you saw here, go directly to their site by typing their URL into the address bar or using a search engine. This will help minimize the risks from potentially malicious links.
  • Check the payment site carefully. If you’re making a donation online, check the payment site as carefully as you would any other online payment. Whether it’s entering your credit card information directly, or using some other online payment site (like Amazon, Google, or PayPal,) be aware that these can be phished as well.

There are many charities that could use your donations, but this is not the time to let your guard down. These tips can help ensure that your donation gets to where it is needed the most. We also note that you can make donations to the American Red Cross from inside Facebook itself; details can be found in their official blog.

With additional insights from Merianne Polintan

Learn how to protect Enterprises, Small Businesses, and Home Users from ransomware:
ENTERPRISE »
SMALL BUSINESS»
HOME»
Tags: charityHaiyanPhilippinesreliefscamstyphoonYolanda

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Recent Posts

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits
  • August Patch Tuesday Fixes Critical IE, Important Windows Vulnerabilities Exploited in the Wild
  • Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts

Popular Posts

Sorry. No data so far.

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.