Donations for disaster relief charities are in danger of ending in the hands of hackers, with one of the more high profile targets of late being the Red Cross.

Following a number of major international disasters of late, individuals around the world have felt an obligation to donate to victim relief charities including organisations such as the Red Cross.

Internet security specialist Trend Micro points out that a recent Phishing scam involves a spoofed Red Cross disaster relief donation website. The fake site looks almost exactly the same as the real Red Cross site, except for three buttons: Continue,Ӕ CancelӔ and Verisign.Ӕ As such, visitors can be easily fooled if they fail to carefully inspect the website. The technique used in this example adds a new twist: the web pages are hosted on a portal site (in this case, www.quadrate-stadt.de) that almost exactly mirrors the original Red Cross site and includes links to real Red Cross content, making it easier for visitors to fall victim to the scam. The  site has now been disabled.

After the hurricane Katrina disaster in early October, dozens of fake Red Cross donation websites appeared across the Internet hoping to making a quick buck from altruistic donors. More recently, they have started to reappear in the wake of the Central Asian earthquake. Trend Micro advises users to manually enter the website URL rather than simply clicking on a link. Even if the link includes a trusted URL (such as a portal site or free hosting sites), this does not guarantee the security of your donations. Similarly, if you use a search engine to search for terms like Pakistan earthquake, hurricane Katrina, etc., be wary of fake websites looking to take advantage of your good intentions according to a recent survey, several hundred fraudulent websites were registered with the keyword ֓Katrina.

Trend Micro points out that the latest Red Cross Phishing site includes official Red Cross emblems and graphics and urges users to make contributions directly through the website. Additionally, if you click on any links on the Phishing site, you will be redirected to the real Red Cross site. This increases the impression of authenticity. Fortunately, there is one easily discernable difference: the URL, starting with ԓhttp (figure 1). Most secure payment transfer sites today use the SSL (Secure Sockets Layer) protocol, which means that the URL should begin with ԓhttps instead of ԓhttp. At a minimum, the SSL protocol enables us to ensure that data transmitted over the Internet will be sent complete and will be sent to the authentic recipient.

---

Get stories like this delivered daily - FREE - subscribe now
When you subscribe get a 12 months license for LiveProject
Valued at $99 USD


Download the FREE iTWire desktop alert widget