Unfortunately, it almost goes without saying in this day and age; when some big event or unfortunate disaster happens, scummy malware pushers will jump all over it in hopes of enticing the news hungry masses to malicious sites and downloads. This unfortunate trend hasn’t failed to disgust me yet again with Japan’s recent earthquake and nuclear catastrophes.
Within hours of the first earthquake, scammers had already launched malicious campaigns to lure the worried global audience to phising sites masquarading as aide sites, and had also started massive spamming campaigns targeting donors who want to help Japan.
One of the techniques attackers increasingly use in these situations is called Black Hat Search Engine Optimization (SEO). This is a technique where attackers leverage the same SEO methods marketers use to get their web sites to prominently display with certain search results; only the attacker falsely links popular search phrases to a malicious site. Attackers are aggressively leveraging these Black Hat SEO techniques to tie their malicious phishing sites to the Japanese earthquake disaster. So you should definately be careful when searching for earthquake news on Google and other search engines.
I have a strong personal tie to Japan. I lived there for four years in the 80s, when I was younger. Many of my childhood memories are distinctly Japanese. So when I hear about these despicable criminals trying to make a buck off a country’s pain… well, I can’t really put to words how angry I feel. That’s why I want to make sure these crooks don’t succeed. As you receive email about the Japan disaster, or search for the latest information, please be wary of the links you click. While I encourage you to help out in some way, you should also be careful of who you are donating to. Finally, tell all your friends about these potential scams. If we all band together, maybe we can prevent these hoodlums from profiting from Japan’s pain. – Corey Nachreiner, CISSP