Last week, Symantec warned netizens of Haiti earthquake-related email scams. These alerts have not deterred spammers from continuing their operations in the form of 419 and phishing scams. We have monitored a variety of scam emails that falsely claim to come from humanitarian and relief fund organizations and ask users for donations.
Looking at the list of subject lines found in scam emails below, we observe that some of them imitate the subject lines of legitimate emails requesting donations:
Financial contributions to the British Red Cross
Haiti Earthquake: HELP HAITI
Urgent response:Help haiti
RED CROSS EARTHQUAKE APPEAL- DONATE NOW!
Donate to Haiti today
Please give what you can today to help thousands of people there in desperate need humanitarian assistance
Come up and make a difference to help the poor people of Haiti. Urgent Mail....
Desperately Needed Aids
We also noticed the creation of new email addresses that allow potential victims to communicate with the scammers. We won't be surprised if many more email addresses along the same lines are generated over the next few weeks. A few examples are shown here:
help.haiti.people @ [free email service]
studentshelphaiti2 @ [free email service]
seasianredcross @ [free email service]
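The two indicators described above, relief-appeal wording combined with a sender or reply address at a free email service, can be checked mechanically. The following is an added example, not Symantec's filter logic: the domains `freemail.example`, `webmail.example` and `charity.example` are placeholders, the term list is an assumption drawn from the subject lines in this post, and the sample messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: placeholder domains standing in for the post's "[free email service]".
FREE_MAIL_DOMAINS = {"freemail.example", "webmail.example"}
# Terms drawn from the subject lines and the UNICEF case in the post.
RELIEF_TERMS = ("red cross", "unicef", "haiti", "earthquake", "donat")


def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def review_message(raw):
    """Return the reasons a message looks like a fake relief appeal."""
    msg = message_from_string(raw)
    display_name, _ = parseaddr(msg.get("From", ""))
    claimed = (msg.get("Subject", "") + " " + display_name).lower()
    if not any(term in claimed for term in RELIEF_TERMS):
        return []  # not a donation appeal; out of scope for this check
    reasons = []
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    if from_dom in FREE_MAIL_DOMAINS:
        reasons.append("appeal sent from a free email service")
    if reply_dom and reply_dom != from_dom:
        reasons.append("replies diverted to a different domain")
    if reply_dom in FREE_MAIL_DOMAINS:
        reasons.append("replies go to a free email service")
    return reasons


# Constructed sample messages (not real mail); subjects reuse lines from the post.
SAMPLES = {
    "free_sender": "From: Red Cross <seasianredcross@freemail.example>\n"
                   "Subject: RED CROSS EARTHQUAKE APPEAL- DONATE NOW!\n\nbody",
    "diverted_reply": "From: Relief Fund <appeal@charity.example>\n"
                      "Reply-To: help.haiti.people@webmail.example\n"
                      "Subject: Donate to Haiti today\n\nbody",
    "org_domain": "From: Appeals <appeals@charity.example>\n"
                  "Subject: Haiti Earthquake: HELP HAITI\n\nbody",
    "unrelated": "From: Friend <friend@freemail.example>\n"
                 "Subject: Lunch on Friday?\n\nbody",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, review_message(raw))
```

A message that passes these checks is not thereby legitimate; the heuristic only surfaces the free-email pattern this post describes and would sit alongside other filtering.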
Symantec has also observed a phishing attack on UNICEF, which redirected users to a look-alike UNICEF site, where users can donate money for the relief fund.
Sample image of the phishing message:
Sample image of the phishing site:
Given the huge amount of damage caused by the earthquake in Haiti, there is, thankfully, massive support from all over the world for the unfortunate citizens of Haiti. Unfortunately, this support has become an encouraging factor for spammers. We think that attempts to solicit fake donations through email scams will continue nonstop for the next few weeks, probably months. As always, we will be continuously updating our antispam filters to block these emails from reaching users.
However, we also advise our users to follow best practices on the Internet. Users are advised to type a website address directly into their Internet browser for an online transaction rather than clicking the links inside a possible phishing email. Never donate money via wire transfer services or similarly untraceable methods of payment.
Note: Thanks to Azam Raza and Sammy Chu for their contributions.