« November 2010 | Main | June 2011 »

3 posts from March 2011

Mar 18, 2011

More fake earthquake charities

After our last report of phishing apparently exploiting the tragedy of the earthquake and tsunami here in Japan, we have another example today:

Jp_help_phishing

This is quite a well-designed site. Notably, this one uses the logo of the Red Cross. It's registered to an individual with a European-sounding name, Japanese street address and Gmail account.  This one even ups the ante by posting photos and news gathered from other sites:

Jp_help_phishing_2

One of several suspicious elements: the Paypal link from this English-language site goes to the German-language version of Paypal.

The Japanese Red Cross Society have confirmed that they are not affiliated with this site.

So, how do we know which sites to trust? This site has a Red Cross logo, doesn't it?  Here's one tip: you can look at a site's domain name registration information using sites like Whois Source.

For instance, if you search for JPCERT's domain name, jpcert.or.jp, you can see it was registered in 1996: by internet standards, a long time ago. However, a fraudster usually registers a phishing site not long before they plan to use it. In this case, the domain name was registered on 12 March 2011, under a week ago.

That alone doesn't tell you the site is malicious, but it's certainly one potential indicator.  To verify a site more completely, you can contact the charity via alternate means, using contact details you find independently (i.e. not listed on the questionable web site), and ask them if they're behind it.

Better yet, don't follow links emailed or posted, and instead use web sites belonging to established, known charities.

Mar 14, 2011

Beware of fake Japanese earthquake donation sites

The tragedy in Japan has been immense, and everyone rightly wants to help as much as possible.  However, be careful who you give your donations to.

We've received word of a site called "Japan Donation", which asks you to sign up for an account, and then, who knows:

20110314_30717_pm

The domain was registered on Friday by an individual in the UK with a Hotmail address.  Part of the email address listed is "makemoney".  We assume they forgot to add "togivetocharity" afterwards.

Even if the person behind the site has the best of intentions, this is much like someone coming to your front door wearing a potato sack and asking for money to help Japan.  Don't trust charity sites you can't verify: stick to well-established organizations like Doctors Without Borders or the Red Cross.

Japanese Earthquake, 11 March 2011

We can report that everyone at JPCERT/CC is fine following the terrible earthquake and tsunami that hit near Miyagi Prefecture on 11 March 2011.  The situation in Tokyo, to the south of the main island of Honshu, is comparatively stable at this point. By far, the worst of the damage is to the north of Japan, and our thoughts are with everyone affected at this time.

JPCERT/CC is operating at reduced capacity as the situation stabilizes.  Thank you for your kind letters of support.

If you wish to donate money to affected areas of Japan,  Doctors Without Borders has been recommended as a good candidate for your contributions.

We'll update this blog as conditions change.