Phishing scam targets Red Cross donation site

Donations for disaster relief charities are in danger of ending up in the hands of hackers, with one of the more high-profile targets of late being the Red Cross.

Following a number of major international disasters of late, individuals around the world have felt an obligation to donate to victim relief charities such as the Red Cross.

Internet security specialist Trend Micro points out that a recent phishing scam involves a spoofed Red Cross disaster relief donation website. The fake site looks almost exactly the same as the real Red Cross site, except for three buttons: 'Continue,' 'Cancel' and 'Verisign.' As such, visitors can be easily fooled if they fail to carefully inspect the website. The technique used in this example adds a new twist: the web pages are hosted on a portal site (in this case, www.quadrate-stadt.de) that almost exactly mirrors the original Red Cross site and includes links to real Red Cross content, making it easier for visitors to fall victim to the scam. The site has now been disabled.

After the Hurricane Katrina disaster in early October, dozens of fake Red Cross donation websites appeared across the Internet hoping to make a quick buck from altruistic donors. More recently, they have started to reappear in the wake of the Central Asian earthquake. Trend Micro advises users to manually enter the website URL rather than simply clicking on a link. Even if the link includes a trusted URL (such as a portal site or free hosting site), this does not guarantee the security of your donations. Similarly, if you use a search engine to search for terms like Pakistan earthquake, Hurricane Katrina, etc., be wary of fake websites looking to take advantage of your good intentions. According to a recent survey, several hundred fraudulent websites were registered with the keyword 'Katrina.'

Trend Micro points out that the latest Red Cross phishing site includes official Red Cross emblems and graphics and urges users to make contributions directly through the website. Additionally, if you click on any links on the phishing site, you will be redirected to the real Red Cross site. This increases the impression of authenticity. Fortunately, there is one easily discernible difference: the URL starts with 'http' (figure 1). Most secure payment transfer sites today use the SSL (Secure Sockets Layer) protocol, which means that the URL should begin with 'https' instead of 'http.' At a minimum, the SSL protocol enables us to ensure that data transmitted over the Internet will be sent complete and will be sent to the authentic recipient.
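The two checks the article describes (the scheme must be 'https', and a trusted name appearing somewhere in the link proves nothing about the host actually serving the page) can be automated for links arriving in mail or search results. The following is an added example, not code from the article or from Trend Micro; the trusted domain `redcross.org` and every sample path are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the domain(s) the donor actually intends to pay. Not given in the article.
TRUSTED_DOMAINS = frozenset({"redcross.org"})


def check_donation_link(url, trusted=TRUSTED_DOMAINS):
    """Return the reasons a link fails the checks; an empty list means it passed."""
    problems = []
    parts = urlsplit(url.strip())

    # Check 1: payment pages should be served over SSL/TLS, so the scheme is https.
    if parts.scheme.lower() != "https":
        problems.append("not-https")

    # "https://trusted-name@other-host/" shows the trusted name but connects elsewhere.
    if parts.username is not None:
        problems.append("userinfo-in-url")

    # Check 2: compare the real host, not the whole string, against the allowlist.
    host = (parts.hostname or "").rstrip(".")
    try:
        # Normalise internationalised names so look-alike characters do not match.
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        problems.append("bad-hostname")
    # Match the domain itself or a true subdomain; "redcross.org.example.net" fails.
    if not any(host == d or host.endswith("." + d) for d in trusted):
        problems.append("untrusted-host")
    return problems


if __name__ == "__main__":
    # Constructed samples; only the hostname www.quadrate-stadt.de comes from the article.
    samples = [
        "https://www.redcross.org/donate",
        "http://www.redcross.org/donate",
        "http://www.quadrate-stadt.de/redcross.org/donate/",
        "https://redcross.org.example.net/donate",
        "https://www.redcross.org@example.net/donate",
    ]
    for link in samples:
        print(link, "->", check_donation_link(link) or "passed")
```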