Investigating a Possible Charity Scam

On Saturday, my McAfee Labs colleague Craig Schmugar wrote about phishing sites and email scams related to the recent earthquake in Haiti. The people behind these frauds deserve to be caught by the law. I have a story that demonstrates that when several researchers join forces the bad guys run the risk of being punished.

On Sunday, among the hundreds of emails I received about Operation Aurora, I had one from Nick FitzGerald, a well-known anti-malware researcher. He asked for my opinion about a possible charity scam with a French origin.

Nick asked me to verify the details: an easy thing for a French speaker. After I tried calling the mobile phone number and got an answering machine, I contacted the town hall where the requester claimed to have his company. The official in charge did not know this company nor any local initiative in favor of the Haitian people.

Two Internet searches allowed me to identify a possible sender. First of all, I used the phone number and discovered–in the same administrative division–an individual selling a Mercedes.

As I suspected another rip-off (you pay an advance fee and you never see your car), I used the company name and discovered a professional diary with the name of the managing director: the same name as the car seller.

Finally, and just as I prepared my response to Nick, I received a call from some friends working at the French banking industry’s Computer Emergency Response Team. They had made the same discoveries, and they were also able to direct me to some court rulings related to this person. He was sentenced in 2009 after he used false insurance certificates and false bank guarantees.

Yesterday, I forwarded all these data to the authorities and hope that they will take appropriate steps. I cannot claim that this individual is once again breaking the law; in France we do enjoy the presumption of innocence. However, this story should prompt you to be vigilant and to not fall for email charity scams.

Last week the U.S. FBI released a warning on this subject.  Yesterday, they renewed the message with the following guidelines:

• Do not respond to any unsolicited (spam) incoming emails, including clicking links contained within those messages
• Be skeptical of individuals representing themselves as surviving victims or officials asking for donations via email or social networking sites
• Beware of organizations with copycat names similar to but not exactly the same as those of reputable charities
• Rather than following a purported link to a website, verify the legitimacy of nonprofit organizations by using various Internet-based resources to confirm the group’s existence and its nonprofit status
• Be cautious of emails that claim to show pictures of the disaster areas in attached files, because the files may contain viruses. Open attachments only from known senders.
• To ensure your money is received and used for its intended purposes, make contributions directly to known organizations rather than relying on others to make the donation on your behalf
• Do not be pressured into making contributions, as reputable charities do not use such tactics
• Do not give your personal or financial information to anyone who solicits contributions. Providing such information may compromise your identity and make you vulnerable to identity theft.
• Avoid cash donations if possible. Pay by debit or credit card, or write a check directly to the charity. Do not make checks payable to individuals.

I strongly agree with this advice!