A number of web domains relating to Tuesday's earthquake in Haiti already are live, some of which are likely to be used maliciously, experts said Wednesday.
As has been the case with other disasters, such as Hurricane Katrina, opportunists likely will use the domains to set up fake charity sites used for phishing, Johannes Ullrich, chief research officer at the SANS Institute, told SCMagazineUS.com. In addition, cybervandals may promote fake videos about the disaster, which could be used to trick individuals into installing malware.
Some domains tied to the event will certainly be used for cybercrime, said Joel Esler, security consultant with intrusion prevention vendor Sourcefire, and an incident handler at the SANS Internet Storm Center.
“Unfortunately, malicious phishers will set up a web page on one of these domains asking people to donate money to the relief of the disaster, when really all the phisher is doing is stealing the credit card information of these individuals,” Esler told SCMagazineUS.com in an email. “It's rather unfortunate that these malicious people prey on people essentially trying to help out.”
As of last night (AEDT), 250 domain names relating to the Haiti disaster had been registered with popular domain registrar Go Daddy, Neil Warner, CISO and vice president of technical operations told SCMagazineUS.com.
“Based on the past, there are going to be some out of the 250 that are malicious,” Warner said.
In the past, cybercriminals have tried to obtain an SSL certificate for their fake charity sites to make them appear legitimate, Warner said.
“We monitor really closely who is trying to get an SSL certificate and stop it that way if someone is trying to do that,” he said.
Warner added that Go Daddy has not yet identified any sites relating to the Haiti earthquake being used maliciously.
To avoid donating to a fake organization, individuals should only donate to charities they already know and trust, Ullrich said. Also, the IRS maintains a list of tax-exempt charities, which individuals can use to determine if a charity is legitimate. The list is not fully up-to-date, however, as it takes some time for new organisations to be added, Ullrich said.
Also, users should be wary if they try to watch a video about the disaster and are told they need to install a codec to view it, Ullrich said. The download could be malware.
See original article on scmagazineus.com
Haiti quake expected to lead to fraud and spread malware
Internet scams already appearing.
Got a news tip for our journalists? Share it with us anonymously here.
Partner Content
Partner Content
Australian organisations must act on security – or risk AI ambitions falling flat
.png&h=140&w=231&c=1&s=0)
Partner Content
Ransomware targets Australian SME false sense of security
.png&h=140&w=231&c=1&s=0)
Partner Content
AI and quantum computing widen the machine identity security gap
.png&h=140&w=231&c=1&s=0)
Partner Content
Elastic's Open Source Strategy Drives Innovation and Expansion
Sponsored Whitepapers
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
.png&w=120&c=1&s=0)
EDUtech AU
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
