Video Screencast Help
Security Response

Spammers Unrelenting With the Haiti Earthquake Scam Campaign

Created: 19 Jan 2010 22:16:02 GMT • Updated: 23 Jan 2014 18:30:11 GMT
Mayur Kulkarni's picture
0 0 Votes
Login to vote
Last week, Symantec warned netizens of Haiti earthquake-related email scams. These alerts have not deterred spammers from continuing their operations in the form of 419 and phishing scams. We have monitored a variety of scam emails that are falsely claiming to have come from humanitarian and relief fund organizations, asking users for donations. 
 
When we look at the list of subject lines found in scam emails below, we observe that some of them are imitating the subject lines of legitimate emails requesting for donations:
 
Financial contributions to the British Red Cross
Please Reply.
Haiti Earthquake: HELP HAITI
Urgent response:Help haiti
RED CROSS EARTHQUAKE APPEAL- DONATE NOW!
Donate to Haiti today
Please give what you can today to help thousands of people there in desperate need humanitarian assistance
Come up and make a difference to help the poor people of Haiti. Urgent Mail....
Desperately Needed Aids
 
We also noticed the creation of new email addresses to enable the possible communication between the potential victims and the scammers. We won't be surprised if many more email addresses along the same lines are generated over the next few weeks. A few examples are shown here:
 
help.haiti.people @ [free email service]
studentshelphaiti2 @ [free email service]
seasianredcross @ [free email service]
 
Symantec has also observed a phishing attack on UNICEF, which redirected users to a look-alike UNICEF site, where users can donate money for the relief fund. 
 
Sample image of the phishing message:
 
haiti1.jpg
 
Sample image of the phishing site:
 
haiti2.jpg
 
Given the huge amount of damage caused by the earthquake in Haiti there is, thankfully, massive support from all over the world for the unfortunate citizens of Haiti. Unfortunately, this support has become an encouraging factor for spammers. We think that there will be nonstop attempts of fake donations via email scams and this will carry on for the next few weeks, probably months. As always, we will be continuously updating our antispam filters to block these emails from reaching users. 
 
However, we also advise our users to follow best practices on the Internet. Users are advised to type a website address directly into their Internet browser for an online transaction rather than clicking the links inside a possible phishing email. Never donate money via wire transfer services or similarly untraceable methods of payment.
 
Note: Thanks to Azam Raza and Sammy Chu for their contributions.