I'm a night owl, so I was awake and watching TV when the breaking news of the Japan earthquake came in. Then I watched in horror as the tsunami waters rushed across farmland, washing away everything in its path. This morning, as my friends awoke to the news, I saw many Facebook and Twitter status updates about trying to reach the Red Cross or wondering how to help the victims and survivors. There has been a heartening outpour of goodwill already.
That goodwill is exactly what the bad guys are expecting. Within hours of the earthquake, the Internet Storm Center posted a warning to expect spam and malware that will prey on people looking for information on how to donate. As the Threat Post blog reported:
Jumping on major and breaking news stories is a tried and true method to trick unsuspecting, curious or concerned Internet users into opening malicious attachments or clicking malicious links they might otherwise avoid. Scammers have become adept at using search engine optimization (SEO) strategies to place scam Web pages high in the search results of major search engines like Google, though the company has recently made changes to its search algorithm that weed out bogus pages and other kinds of low-value Web sites generated by so-called "content farms."
Using tragedy for financial or otherwise evil gain is something we have to automatically expect these days. If it is a major news story, the bad guys will find some way to capitalize on it and take advantage of sympathetic but unsuspecting folks just trying to do their part to help. The bad guys will load websites with SEO to rise to the top of searches, as well as send out e-mails that spoof well-known agencies. To avoid being scammed by a criminal, the Internet Storm Center also posted this reminder:
If possible, donate to organizations you know and trust, not to new organizations just set up for this particular event. The IRS maintains a list of tax exempt charitable organizations. This list is not 100% up to date, and it takes a while for a new organization to be added. But it can serve as a first sanity check.