After the tragic 8.9 magnitude earthquake and tsunami disasters in Japan, hackers immediately went to work by attacking computer users through phishing and spam messages related to the devastating events.
Cyber crooks are literally cashing in on the Japanese earthquake and tsunami events by sending out spam messages begging for donations. Security firm Symantec noticed more than 50 domains put to use with names related to "Japan earthquake" or "Japan tsunami" just hours after the events occurred. These domains would be used in conjunction with spam and phishing attacks. Some of the attacks may involve spam messages asking for donations to help the victims of the Japan disasters. Also, we are more than certain that these scrupulous hackers will attempt to use aggressive SEO (Search Engine Optimization) techniques to flood Google search results related to the Japan disaster with these malicious domains.
Hackers obviously have no feelings or regards to victims of unforeseen tragedies. They will, however, utilize any popular news subject to their benefit. Some of the scams to come related to the Japanese earthquake and tsunami are expected to be malicious attacks through spam emails that have malevolent attachments. Other scams to expect would be phishing sites that may collect personal information if you wish to donate to the Japanese victims.
Hot Twitter Trending Chart for Terms "Japan", "Tsunami", "Earthquake"
Take a look at the twitter trends for the terms "japan", "tsunami", "earthquake".
Security company Symantec has already seen phishing emails, such as the one shown in Figure 1. below, making the rounds. Many of these scams will urge donations to the rehabilitation of those affected by the Japan tsunami and earthquake. The email in Figure 1. even has a prayer attempting to add to its validity so it may come off as legitimate. Pretty low isn't it?
Figure 1. - Phishing email asking help for Japanese earthquake and tsunami victims. - image source: Symantec
The recent Japan tragedy has had such a persuasive influence on hackers recently that they have taken the earthquake and tsunami scams to Facebook. That's right, computer users have reported that they witnessed fake video links that are supposedly new videos of the disaster stricken areas of Japan. The link allegedly appears to be one to the latest CNN videos on Japan. As you may suspect, the link does not take you to a legitimate video, the Facebook user instead lands on a web page imitating YouTube. By clicking "Play" on the video found on the impersonating page, it will post the same CNN video link to your Facebook wall. Basically, it will act as if you clicked the LIKE button.
Facebook users who have come across and clicked on a specific malicious video link that promises a video of "Japan Tsunami RAW Tidal Wave Footage", were presented with a cleverly designed page that closely resembles YouTube as demonstrated in Figure 2. below. The cyber crooks that created the mock YouTube page have really outdone themselves by making it look almost identical to what you would expect from a YouTube video page. Hackers are well aware that people are anxious about their need to see forehand what is happening around the world. What better way to see it than view a readily available YouTube video? Wouldn't you click on a link on posted on your friends Facebook page, similar to Figure 3. below, that supposedly offers "Japan Tsunami RAW Tidal Wave Footage"? It would be quite entertaining until you find out that it is nothing more than a clickjacking scam that will post the same link to your own Facebook wall.
Figure 2. - Fake YouTube page offering "Japanese Tsunami RAW Tidal Wave Footage!" - image credit: Sophos
Figure 3. - Facebook clickjacking link post leading users to Fake YouTube page offering "Japanese Tsunami RAW Tidal Wave Footage!" - image credit: Sophos
Hackers have been successful with utilizing their SEO techniques to flood the Internet with Japan earthquake related malware sites. The search keywords "Most Recent Earthquakes in Japan" has sparked some negative attention in the form of leading computer users to a Trojan horse identified as TROJ_FAKEAV.PB, a variant of the Trojan.FakeAV infection. Currently, the sites that appeared on Internet search results related to the Japan earthquake have been either removed from the search query or taken down. Still, hackers are scrambling to spread as many malicious sites that may be related to the Japan earthquake as the can. The TROJ_FAKEAV.PB infection is one way that it could expose a PC to other malware.
The recent Japanese earthquake and tsunami is one of the worst disasters in years accounting for potentially an unprecedented number of lost lives. With such disturbing news heard around the world, hackers will thrive on the very idea that this world event would linger on for months, if not years, which is why they are prepared to gain every little bit they can from it. On the other hand, this is more reason for each and every one of us to be cautious to online scams that may come our way.
In the weeks to come, we should continue to monitor online scams related to the Japanese disaster. If you wish to help those affected, you should only donate to legitimate organizations like the American Red Cross. Don't let your giving heart be the beginning of a hackers pay day. Protect yourself now by viewing our Top 5 Tips for Avoiding Being Scammed by Japan Earthquake-Tsunami Attacks below.
List of Spam Emails and Scam Websites Related to Japan Earthquake Tsunami Disaster
Check back soon for updates on new phishing emails and bogus websites.
Top 5 Tips to Avoid Japan Earthquake-Tsunami Online Scams
Tip #1 Keep your applications and security software updated.
By keeping your programs and antivirus or antispyware programs up to date, you will ensure they are capable of detecting or preventing malicious files in the event that you receive a spam message with a nasty attachment. Additionally, updated virus and spyware definitions will be able to detect the latest threats that may be sent as a spam email attachment or malicious web site link.
Tip #2 Never relinquish credit card or financial information through email or a suspicious site.
Reputable sources in the position to help the victims of the Japan Earthquake and tsunami should never ask for any type of financial information via email. Instead, they will take donations through a secure channel. The secure channel will be a secure page belonging to the organization such as the American Red Cross' secure address: https://american.redcross.org. Sometimes the hackers that spread the phishing and spam emails will provide a link to donate to the victims. If those sites look the least bit suspicious and ask for financial information, do not provide it.
Tip #3 Avoid downloading attachments from relief fund emails related to the Japan disaster.
A legitimate email from a reputable relief fund organization should not include an attachment in the first place. If you receive a message in the form of a ZIP file or executable, more than likely it is some form of malware that should not be opened.
Tip #4 Be on the lookout for videos or media offering footage of the Japan disaster.
It may be difficult to resist clicking on a link that offers video or media footage of the Japan earthquake and tsunami but many of these links purposely target gullible computer users leading them to a phishing site. Just like the fake video links posted on Facebook, hackers could easily post similar links to compromised websites or other social networks such as Twitter. If you have the desire to watch such footage, it may be best to find it directly from a trusted news network such as CNN.com.
Tip #5 Be vigilant and proactive about reporting obvious Japan disaster scams.
In the event that you notice a Japan earthquake or tsunami scam, it would be in everyone's best interest that it be reported to the proper authorities. By reporting such scams, it may potentially prevent other computer users from becoming a victim. Japan disaster scams can be reported to either the Better Business Bureau (www.bbb.org), the FBI's Internet Crime Complaint Center (http://www.ic3.gov/default.aspx) or the Consumer Fraud Reporting site (http://www.consumerfraudreporting.org/reporting.php).