Monday, September 01, 2008

Were Internet Scammers Preparing to Exploit Hurricane Gustav?

Gustav has passed and it seems like it wasn't as bad as it could have been. One positive aspect to it all was the emergency responders, who were on top of it this time. They really did a first-class job of ensuring the public's safety and deserve to be commended for their efforts.

Unfortunately, this might not be the case with everyone who was preparing for the worst Gustav might have dished out. Cyber criminals appear to have been positioning themselves on the Internet to divert as much of the relief money as they could get away with. And although it wasn't as bad as it could have been, we might still see these crooks try to take advantage of the situation.

Gary Warner, who is a blogger and computer forensics research type, recently posted a list of names that appear as if they might used to impersonate Gustav relief efforts on his blog. Some of the potential fraud domain names listed include,,,,,,,, and Many more of these domains can be seen on his blog post.

Gary also pointed to interesting package deal of domain names being offered on eBay. The seller has a 94.1 percent approval rating on eBay and offers to give 10 percent of the purchase price to a charity of the buyer's choice. Additionally, he assures anyone bidding on these names that their User ID will be kept private.

eBay isn't the only e-commerce place selling these domain names, I found some on, also. In fact, is reporting that 100 names related to Gustav were registered in less than 48 hours.

The good folks at the SANS Internet Storm Center are also keeping an eye on this activity and have an interesting diary going on about it. They are asking that anyone with any further information about this send them a quick note so they can stay on top of the subject and hopefully report it to the federal authorities.

Whether or not these domain names will be used for fraud is purely speculative at this point. However with the Louisiana Attorney General reporting that phishing attacks using Gustav as a lure have already started, it's probably only a matter of time before some of these sites are used in an attempt to dupe the general public. It should be noted that phishing is a time-tested method used to direct unsuspecting users to fraud websites, where they are tricked out of money via social engineering schemes or can even have malicious software dropped on their operating system. Becoming a Phish normally carries the risk of identity or information theft, also.

Identity theft isn't the only reason malware is dropped on a system. Often the intent is to take over a system and turn it into a member of a botnet so it can be used as a spam spewing zombie. It's always considered wise not to click on links received in e-mails from unknown sources.

The average person can check out if a charity is legitimate by visiting the Better Business Bureau Wise Giving Alliance, Charity Navigator or the American Institute for Philanthropy.

If you happen to detect a site that appears to be fraudulent, the socially responsible thing to do is to report it to Internet Crime Complaint Center.