With the recent earthquake in Haiti, my thoughts instantly went to the friends I have known over the years who were from Haiti. Thank goodness for Facebook is all I can say! I was able to send prayers and well wishes to my friends that I haven’t seen in at least fifteen years and keep up with what was happening to them and their families. Social engines not only are helping to keep friends and family in the know, to get information out almost instantly, but also they are helping in fundraising efforts.
Americans are giving as much as they can to help the efforts in Haiti. The ”texting” donations drive was introduced and has been a hugely successful operation. But of course, I instantly was thinking about how cybercriminals would use this catastrophe to cash in… and so was McAfee Labs. Craig Schmugar wrote a really interesting blog called “Went Looking for IE Exploits in “Haiti”, Found Something Else”.
What I love about this blog is that he shows in screen shots exactly how criminals set up a scam using Google Trends, a fake website, Digg, and Google’s ad network to generate revenue. If you have time, check out the full blog so you can see all of the screen shots – it really hits home how easy it is to be duped into a scam.
Basically, Craig explains that cyber criminals use Google Trends to find a “hot search term”.
1. In his example, the term used was “Haiti earthquake death rate”.
2. The criminal then sets up a malicious website and submitted to Digg.com using the same search term along with related popular search terms.
3. The criminals does this in the effort to have his website come up high in a Google search so you are more likely to click on it and end up on his webpage.
4. When the unsuspecting person clicks on the link, they are brought to a very generic webpage that asks you to click to play a video.
In Craig’s words “What the user doesn’t see is the content that sits behind the image. When a user clicks on the image, that click is passed along to an advertisement delivered through Google’s ad network (note the sites in the image below are potential victims here too as they could be charged for “unwanted clicks” on their ads).”
You see how all this is orchestrated in just the right way to get traffic to their site? Isn’t it amazing to see the length criminals will go? This illustrates my point that criminals will do everything in their power to get you to their site or download their virus so they can generate revenue from the information you provide.
My message today is to go to trusted sources. If you want the latest news, go to trusted news sources like CNN, MSNBC, ABC, NBC, etc. If you want to donate to the relief effort, go to the organizations you trust, the RedCross, Doctors Without Borders, etc. Never click on links to go to those organizations, always type in the website directly or use a search engine.
Cyber Mom Tip of the Day
1. Be careful what you click on… never click on links in emails to donate to the relief effort. Always go to the website directly by using a search engine or typing in the address if you know it.
2. Antivirus in place, always…Without it, you open yourself to viruses, keyloggers and other malicious tools cybercriminals use.
3. Think like a criminal…cybercriminals use whatever the current topics/trends people are searching. Whether it is the earthquake in Haiti, mudslides in Los Angeles, or NFL playoffs, they are looking at what you are looking for to cash in!
Here are some more recent alerts from our McAfee Labs team on Haiti-related scams:
Investigating a Possible Charity Scam