Phishing, Malware Scams Rise in Katrina's Wake

As heart-wrenching images of devastation and despair from New Orleans and others parts of the Gulf Coast of the U.S. continue to rivet Americans from coast to coast, computer security experts are warning that scammers have already devised elaborate phishing attacks and other online scams meant to target the outpouring of response to hurricane Katrina.

The Federal Bureau of Investigation confirmed it had received complaints about Web sites ostensibly set up to aid victims of Katrina that are actually intended to pilfer credit card numbers and other personal information from unsuspecting victims and the Federal Trade Commission and Better Business Bureau issued consumer warnings.

Capitalizing on a Tragedy

Computer security firm Sophos also warned of an e-mail circulating with news stories inside about the disaster. Clicking on the links in the e-mail takes users to a site that attempts to load virus code onto a user's computer.

Once infected, a computer can be controlled remotely and used by attackers to "spy, steal or cause disruption," according to Sophos senior technology consultant Graham Cluley.

"The hurricane is a dreadful natural disaster, and it's sickening to think that hackers are prepared to exploit the horrendous situation in an attempt to break into computers for the purposes of spamming, extortion and theft," Cluley said. "Everyone should ensure they have defenses in place to properly protect against the very latest malware attacks."

Attempts to capitalize on the tragedy were popping up across the Web. Auction site eBay (Nasdaq: EBAY) said it terminated several auctions of Katrina-related domain names earlier this week.

Disasters of all types have been an opportunity for the Internet industry to shine and to show its dark side at the same time. Major sites such as Amazon.com (Nasdaq: AMZN) and eBay, which helped raised millions of dollars after 9/11, are again posting links on their home pages to the Red Cross and relief organizations.

However, the Sept. 11 aftermath also brought its share of scams, from people selling what were purported to be pieces of debris from the collapsed World Trade Centers on eBay to sites that stole money intended to aid victims.

Preying on Human Nature

With many Americans moved to donate to relief efforts, many scams were being reported that attempted to take advantage of that altruistic impulse.

John Bambenek of the SANS Institute's Internet Storm Center said the institute is looking into more than 200 dot-com domains that have popped up in recent days that contain text dealing with Katrina.

While many are legitimate, others have proven to be scams. Other scams have come in the form of e-mails that contain a link to PayPal, but when SANS attempted to reach e-mail senders to request a physical address to mail a check, no response came.

The FTC, meanwhile, issued a warning to consumers who want to help to give directly to reputable charities and to be skeptical of any e-mail messages or phone calls seeking donations for the victims of Katrina. The Better Business Bureau said while the impulse to donate may be strong, the need for cash donations will still exist weeks from now, giving consumers time to plan their giving carefully.

Analysts say that if past tragedies are any indication, many of the people going online to donate or read news about the aftermath of Katrina are new to the Web, with many making donations that represent their first foray into e-commerce. To have scams target those users could result in a bad first exposure to online transactions and help slow e-commerce growth over time.

Turning to the Web

Americans are also turning to the Web for information on the disaster and in search of ways to help.

According to Nielsen//NetRatings, traffic to several hurricane-related sites has spiked in recent days. RedCross.org saw more than 1.1 million unique visitors on Wednesday alone, about the same number that visited the site during the entire month of December, 2004, when the efforts to aid victims of the Indonesian tsunami were under way.

The research firm noted that the Web is playing an increasingly important role in donation collection, with the Red Cross saying that US$15 million of the $21 million that had been given as of yesterday has come over the Internet.

Traffic to weather sites and news outlets also surged in recent days, with the New Orleans-based NOLA.com site among the fastest-growing sites in terms of traffic.