Donations for Tragedy Victims
How the scam works:
Requests for charity donations are so common nowadays that they could happen anywhere. This is a truly horrible scam.
The crooks come with collection boxes, especially in pubs (where they take advantage of people being tipsy), or even move door to door, selling their emotional stories. It is reported that some scammers even leave bags at people’s doors, with a flyer advertising the charity, using either a tragedy that happened in your city or a worldwide calamity (Oklahoma Tornado, Boston Marathon, Hurricane Sandy, Japanese Tsunami, Chilean earthquake, Katrina, etc).
On the other hand, there are a lot of phishing scams online. After the recent Oklahoma tornado or the bombing at the Boston marathon, criminals created fake websites and posted bogus pictures (like the one on this page) meant to open your heart. Once you click on the links, you'll be invited to submit your personal info or money that doesn't necessary end up in the right hands.
After the last two recent catastrophes, cybercriminals began spreading malware through email. The emails included a link that claimed to have video footage of the inside job. Subject lines included titles such as "Tornado Takes Down Building" "Video of Explosion at the Boston Marathon 2013", "2 Explosions at Boston Marathon", " Aftermath to explosion at Boston Marathon", and "Boston Explosion Caught on Video".
If you click on the link you are taken to a website which – while showing you genuine YouTube videos of the horrific incident – attempts to infect your computer with a Windows Trojan horse that Sophos products detect as Troj/Tepfer-Q. If the files are installed, the malware makes changes to the computer's registry that allows the hackers to gain remote access to the affected computers.
While the current malware is being sent via email, fake Facebook or Twitter accounts are being created claiming to be raising money for the tragedy. For example, after the Boston bombing there was an immediate Twitter account set up, that looked very similar to the official @BostonMarathon. The fake one, which was claiming $1 will go to the victims' family, was named @_BostonMarathon and was retweeted 52,173 times!
How to avoid:
You have a good heart and like to help those in need, but what you really need to do is research these organizations first. All genuine charity organizations have to be registered and will have an online presence; if they are small and claim they don’t have a website, always ask them for identification and their registration number. If you donate money, you have the right to know exactly where it is going. And really, it’s better to give, not to individuals with a collecting box, but online directly to the charity.
Make your friends and family aware of this scam by sharing it, using the buttons provided.