Criminals have jumped on Japan's twin earthquake and tsunami disasters at record speed, security experts said today. Scams range from links to fake antivirus downloads and phony donation sites to classic online swindles that rely on greed.
"What's surprising this time is how quickly they picked up on the news," said Chet Wisniewski, a security researcher with Sophos. "We knew [scams] were coming, but they started appearing in record-breaking time, less than three hours after the earthquake."
Facebook has been used by cyber-crooks to collect information when users click on a link posing as CNN video footage of the tsunami that struck the eastern cost of Japan Friday, said Sophos in a blog post Sunday.
A record 8.9 magnitude earthquake hit Japan mid-afternoon Friday, and a powerful tsunami struck its northeastern coast minutes later. The death toll may reach in the tens of thousands, according to recent reports.
Scammers are also flooding email inboxes with messages asking recipients to donate money to relief efforts, said Eric Park, a Symantec researcher with the company's anti-spam team. "This is very typical, especially with disasters, because they can ask for donations or pose as a legitimate charitable organisation," said Park today.
Another Symantec researcher noted that other scams have appeared taking advantage of news of the earthquake and tsunami.
"Symantec has observed a classic 419 message targeting the Japanese disaster," said researcher Samir Patil. "The message is a bogus 'next of kin' story that purports to settle millions of dollars owing to an earthquake and tsunami victim."
A "419" scam is a long-used con, named for a section in the Nigerian criminal code, that tries to convince victims to advance funds in the hope of realising a much larger return.
Crooks have also registered a large number of domains with URLs that may fool users into thinking that they're legitimate donation or relief sites, said Patil, a tactic that can also push those sites higher on search results. Patil said that Symantec spotted more than 50 such domains within hours of last week's earthquake and ensuing tsunami, all with the words "Japan tsunami" or "Japan earthquake" in their URLs.
Other security companies have seen the same thing. Last Friday, for instance, Trend Micro spotted numerous parked domains, URLs that have been registered but had zero content, with words like "help," "earthquake," "japan," "tsunami," "relief" and "donations" included in their titles.
Monday, Trend Micro reported on one phishing site that included "japan" in its URL, saying that the site was harvesting email addresses and other personal information from unsuspecting users.
The Internet Crime Complaint Center (IC3), a joint effort by the FBI and the National White Collar Crime Center, issued an alert last Friday that warned consumers to be wary of responding to donation requests following a disaster like Japan's.
Fake anti-virus vendors have also gotten in on the action, according to the SAN Institute's Internet Storm Center (ISC). Makers of the bogus security software stay atop breaking news by automatically poisoning search engine results with links to their wares.
The ISC came up with a tally of 1.7 million poisoned pages that tout the earthquake and tsunami, a number beyond even Google's ability to rapidly delete.
Users should donate only to legitimate organisations, and only through those groups' websites, experts said today. The Red Cross, for example, is taking donations on its site.
"And remember, many communities have set up their own charity programs, so if you're not sure about a solicitation, go to your local charity, like your local branch of the Red Cross," said Wisniewski.