September 23, 2005 10:11 AM PDT
Warnings out on Hurricane Rita scams
The recent Hurricane Katrina disaster was followed not only by an outpouring of charitable giving, but also by phony Internet appeals seeking to take advantage of people's generosity. Similar fraud is expected with Rita, which experts say will hit the Gulf Coast this weekend. Already, Internet domain names that might appeal to fraudsters for use in con schemes have been registered, security company Websense said Thursday.
"The names follow similar patterns to the Katrina scams," said Dan Hubbard, a senior director at the San Diego-based company. Typically, the domains contain the name "Rita" and words such as "hurricane," "disaster," "relief" and "donations," Hubbard said.
In the wake of Katrina, fraudulent Web sites and e-mails that purported to help hurricane victims or provide more news on the destruction became common. Often these were phishing scams, designed to fool people into handing over personal information that could be used in credit card fraud or identity theft. The U.S. Department of Justice and the FBI have sent out warnings about some Katrina fraud schemes.
Fraud attempts perpetuated on the Internet following a disaster are nothing new. However, Katrina-related scams were more prevalent than those linked to relief efforts after the Asian tsunami late last year, according to the FBI.
The number of registered domains alluding to Hurricane Rita is not nearly as high as with Katrina, but there may be more registrations to come, Hubbard said. Two weeks after Katrina hit, the FBI said that more than 4,000 Katrina-related sites had been registered. "Many of them may be legitimate, but fraudulent ones are popping up faster than we can pound them down," Louis Reigel, assistant director of the FBI's Cyber Division, said on the FBI Web site.
To prepare for Rita scams, an international "call to arms" notice went out on several popular security mailing lists Thursday. The note asks the security community to report suspected fraud attempts to the SANS Internet Storm Center and to the U.S. Computer Emergence Response Team, which is part of the Department of Homeland Security.
"This is a coordinated effort. We're going to find the sites and proceed to try and take them down legally," said Gadi Evron, sender of the "call to arms" note and manager of the Computer Emergency Response Team at Israel's ministry of finance.
The SANS Internet Report Center, which tracks Internet threats, said in a posting Thursday that members are already coming up with a list of scam sites.
Not all security experts think the online schemes related to Rita will be as prevalent as with Katrina. "Overall, you can expect to have a similar reaction we had with Katrina, unfortunately. But it probably will be less widespread," said Steve Yin, a representative of St. Bernard Software, which makes Internet security products.
Also, new scams will likely be less successful after the experience of Katrina, Yin said. "I think people at this point are probably operating in a mode of healthy paranoia," he noted.
Internet users should not respond to any unsolicited e-mails requesting donations, even if they look like they're coming from reputable charitable organizations, the FBI has advised. To make online donations, people should type the charity's Web address directly into a browser, the agency said. In addition, the Red Cross has set up a Web site listing its official donation sites and has posted an e-mail address ((firstname.lastname@example.org) for people to report suspicious online appeals.