It’s a sad day when we have to warn people about medical charity scams, or tax fakeouts, or even have a week dedicated to foiling charity fraud—but here we are. With so many natural disasters occurring, from wildfires in California to tornadoes in Dallas, disaster donation scams remain a top resource for scammers looking for free cash.
Unfortunately, disaster donation scams are nothing new. Back in 2013, I spent many hours tracking and shutting down fake charity scams focused on Typhoon Haiyan and many more. Some of those tricks from way back when are still in use, and we need to do what we can to inform and ward off potential attacks.
Avoiding fake disaster donation scams: part 1
A handy list of tips has been posted to KQED, detailing all the ways you can steer clear of these scams. While many of them may seem obvious to regular readers of this blog, there are always folks out there who haven’t heard of these, much less realize that people are actively trying to rip them off through charitable causes.
If you have relatives who donate after a disaster (or just donate generally), feel free to send this post their way. To summarize the tips quickly, and of particular note:
- Keep track of payments to charitable organizations
- Watch your payment method: don’t make donations via cash, gift card, or by wiring money
- Steer clear of pressure—especially in relation to paying “as soon as possible”
Avoiding fake disaster donation scams: part 2
I’d also like to add some of my own suggestions, based on things I’ve experienced while tackling these scams and talking about them at events through the years.
- Door-to-door visits should always be treated with caution. At the bare minimum, they should have a recognisable badge, and a way to verify they are who they say they are. I don’t think I’ve ever run into a house call where you couldn’t take a leaflet or web address and go make the donation in your own time.If they really, desperately need the money now? Ask yourself why and then do some digging once they’ve gone. If you think it’s all a bit suspicious after that, report it to the most appropriate contact point.
- Cold calling is a popular past-time of donation scammers. It’s easier than ever to spoof caller ID, so simply matching numbers to legitimate sources on official websites is not 100 percent foolproof. I’ve mentioned the infamous FEMA cleanup crews in the past, and they’re often one of the first scams to hit the ground running. Be on the lookout for similar fakeouts involving Red Cross, United Nations, UNICEF, and more. If it’s a big name, it’s a potential target.Again: don’t be pressured into handing over payment details to cold callers. It’s worth noting that fake websites abound, both on free and paid hosting.
- Scammers will often pretend to be a charity organisation, sending missives claiming to be Red Cross or Salvation Army, or pretty much anyone else they think may be relevant to a disaster. Nothing odd there. However, what they will do is frequently include a real email address in their request for money. Why? To keep things looking as real as possible.The sting in the tail is where they also insist you CC an email address belonging to the scammer when you send bank details, because “high server load” may mean the real address never gets the reply. They’ll also request you give them a week or two to reply as they’re experiencing high volume of mail. This is also just a way to get you to leave them alone for a week as they happily plunder your bank account without question.
- Scammers will exploit the fear of lost/missing relatives to make more money. They’ll post up pictures of missing people culled from news services and ask for money to “help find them.” They’ll make use of those fun automatic newspaper headline generators to present you with fake headlines about rewards if only you send X amount of cash to Y (also a tactic used by 419 scammers).Relatives will naturally post lots of personal information to social media, and scammers will happily use that, too, in their social engineering exploits. I saw this a lot during Typhoon Haiyan, a problem exacerbated by people not really being familiar with genuine ways to locate missing people. Myself and others made extensive use of Google’s crisis map and their person finder to help steer people away from fakes.Note that these services are still operational whenever they may be needed, and there are many other ways to attempt reunification without being ripped off.
- Finally, never underestimate how weird the scams may be in their attempt to pull the rug from under you. “Whale crashes into building” was a popular social media scam back in 2011, because the more sensational-sounding viral a video you have the better. “Earthquake relief” via the promise of a few clicks went a long way to making someone money and not much else. There’s “miracle escapes” which often aren’t, rogue installs, and and even Twitter spambots firing out links to expensive “radiation health” ebooks. They’ll do whatever it takes.
I’ll leave you with a few more links, so you can report anything suspicious that comes your way, or at least use the below as a way to get your information where it needs to be:
Scammers hope a combination of tragedy and your sympathy will provide them with the keys to your bank account. Any and all donations given to criminals are potentially causing misery and loss of life where the money is actually needed, so it’s down to all of us to step up and tackle this scourge head on.
The post Help prevent disaster donation scams from causing more misery appeared first on Malwarebytes Labs.
Refer Here for Original Post and Source https://blog.malwarebytes.com/social-engineering/2019/10/help-prevent-disaster-donation-scams-from-causing-more-misery/