We all know that Japan recently suffered one of the worst natural disasters and that the whole world is providing support in all forms. People are donating everything from food and blankets to money. But from a security professional’s perspective, mishaps and disasters like this are a hunting ground for phishing, malware and online scams.
For those who donate money, there is a danger lurking in the background. The bad guys are out there with their "phishing" tentacles spread to lure unsuspecting users into their trap.
For those of you who don’t know what phishing is:
Phishing is a technique used to gain personal information for the purpose of identity theft, using fraudulent e-mail messages that appear to come from legitimate organizations such as banks, charitable institutions etc.
Recently it was found that some phishing sites posed as donation sites for the victims of the tsunami and earthquake in Japan. The cyber criminals are also using social engineering methods to lay traps for the common man. There are emails being circulated with links to make donations.
With organizations around the world donating huge amounts of money, it is much more likely that these sorts of phishing mails will keep going around for some time.
People who wish to make a donation should ensure that the sites are reputable ones and check the URLs they are connecting to. It is possible that the criminals will use your bank's mail/message format and ask you to log in and donate some money to a particular account.
Users should remember to choose trustworthy organizations when it comes to handing over their donations. The bottom line is that users need to be cautious.
Tips to recognize a phishing e-mail:
• You are asked to provide personal information such as bank account/credit card number/PIN number/password/mother's maiden name, etc.
• The message uses scare tactics or emotional sentiments.
• The text contains spelling or grammatical errors.
Please be suspicious of mails with the following subject lines:
• EARTHQUAKE HELP
• 8.8 Quake Japan
• Tsunami
• Japan before and after Tsunami
• Japan 8.9 disaster
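For mail administrators, the checks above can be turned into a simple triage filter. The following is an added example, not part of the original post: it covers the subject lines listed here, the request for personal information, and the advice to check the URLs a mail links to. The function names, the allowlist of trusted donation domains and the `charity.example` sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlparse

# Subject lines listed on this page, lower-cased for matching.
SUSPICIOUS_SUBJECTS = ["earthquake help", "8.8 quake japan", "tsunami",
                       "japan before and after tsunami", "japan 8.9 disaster"]
# Personal details the tips say a phishing mail asks for.
PERSONAL_INFO = re.compile(
    r"bank account|credit card number|\bpin\b|password|mother'?s maiden name", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample messages (not real mail); charity.example is a placeholder.
SCAM = ("From: relief@charity.example.donate-japan.test\n"
        "Subject: Japan 8.9 disaster\n\n"
        "Log in and confirm your credit card number and PIN to donate:\n"
        "http://charity.example.donate-japan.test/give\n")
GENUINE = ("From: news@charity.example\n"
           "Subject: Our relief work this month\n\n"
           "Read the report at https://www.charity.example/report\n")

def host_trusted(host, trusted):
    """True only for an exact trusted domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

def review_mail(raw, trusted_domains):
    """Return the reasons a message deserves a closer look (empty list = none)."""
    msg = message_from_string(raw, policy=policy.default)
    subject = re.sub(r"\s+", " ", str(msg["Subject"] or "")).strip().lower()
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    reasons = []
    if any(s in subject for s in SUSPICIOUS_SUBJECTS):
        reasons.append("subject")
    if PERSONAL_INFO.search(body):
        reasons.append("asks-personal-info")
    for url in URL.findall(body):
        # Compare the real hostname, so "charity.example.donate-japan.test"
        # is not mistaken for charity.example.
        host = urlparse(url).hostname or ""
        if not host_trusted(host, trusted_domains):
            reasons.append("untrusted-link:" + host)
    return reasons

if __name__ == "__main__":
    for name, raw in (("SCAM", SCAM), ("GENUINE", GENUINE)):
        print(name, review_mail(raw, {"charity.example"}))
```

A match is only a reason to verify the mail with the organization before donating; scare tactics and spelling errors still need a human reader.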
If you feel that you have received a phishing mail, verify before making the payment that it has genuinely come from the organization to which you are going to make the payment. Call the organization's support/information security/cyber security teams.
If you have donated some money or given out your personal information and feel you have been duped and have been a victim of phishing, please contact your bank/credit card company immediately with the relevant details.