Online scammers prep for Gustav, say researchers
- — 02 September, 2008 08:16
Nearly 100 domains related to Hurricane Gustav were registered over the weekend, security experts said, some of which may be used by bogus charity and relief scams after the storm strikes the US Gulf Coast.
According to US television station KTAL, the office of Louisiana's Attorney General Buddy Caldwell has warned residents of Gustav phishing attacks already in progress.
On Saturday, Marcus Sachs, the director of the SANS Institute's Internet Storm Center (ISC), noted that numerous domains containing the word "gustav," "charity," "hurricane," and "relief" had been recently registered.
"On the day [Hurricane] Katrina hit New Orleans [in 2005] hundreds of donation sites appeared online, many if not most were scam sites," said Sachs in a post Saturday to the ISC research blog. "Well this time around it looks like the people who like to register domain names in anticipation of a storm's arrival have already started registering them for Gustav."
By Sunday, Sachs had listed almost 100 Gustav sites culled from the DomainTools' Web site. "Most of these sites are parked domains and many of them are for sale," he said. "They will be worth monitoring, particularly if 'donate here' messages appear."
Several of the domains, in fact, do appear to be parked, or registered but not fleshed out with content. Others, including helpgustavictims.com and helpgustavvictions.net, were for sale on eBay as of mid-day Sunday.
A few, however, led to legitimate charities. The domain gustavcharity.com, for example, redirected users to the Web site of the evangelical Christian organization "Samaritan's Purse," while contributegustav.org took users to the Baton Rouge Area Foundation's site.
Another security expert, Gary Warner, director of research in computer forensics at the University of Alabama, also posted a list of parked domains that may be used for scamming purposes. "Anytime we've seen a natural disaster, we've been on the lookup for domains which might be abused for fraud," said Warner Sunday on his blog. "It was only natural then that I retuned my settings at DomainTools yesterday to alert on Gustav domains."
Warner also pointed out a handful of domains that led to legitimate content.
Three years ago, before and after Hurricanes Katrina slammed into New Orleans, security researchers noted a similar run-up of domain registrations. Enough were used for phony relief scams, often by identity thieves hoping to trick consumers into divulging personal information, that the US Department of Justice set up a Katrina anti-fraud task force.
More than a year later, two brothers were convicted on federal charges for running a fake Salvation Army site that solicited money, supposedly for Katrina relief efforts. The pair, Steven and Bartholomew Stephens, were sentenced to more than 100 months in prison for the scam last December.