Brian Krebs on Computer Security
Posted at 12:39 PM ET, 09/ 7/2005
Reader Comment Foils Red Cross Phishing Site
I love the fact that Security Fix has been a source of breaking news about computer security and online crime. That news can come directly from loyal readers who drop us a line or comment about something odd they've encountered on the Web. Yesterday was a perfect example of how this blog really shines through reader interaction.
On Tuesday afternoon, a Security Fix reader posted a comment asking where he could report a suspicious e-mail directing him to donate at what he believed was a counterfeit site impersonating the American Red Cross. The reader pasted in a link, and when I visited the page it was clear that this was among the more convincing Red Cross scam sites we've seen so far (you can see below a screenshot I took of the fake site).
Security experts and folks at the Red Cross soon determined that the site was in fact a phishing scam exploiting peoples' generosity in the wake of Hurricane Katrina. Red Cross officials quickly notified the FBI's Internet Fraud Complaint Center, experts at the SANS Internet Storm Center mobilized, and technicians working at the company hosting the site agreed to take it down. The phishing site went dark just before noon ET today.
While the scammers were busy driving would-be donors to their fake Web sites, some readers wrote in yesterday from government agencies and private sector companies to report that that internal Web filtering software was barring them from visiting www.HurricaneHousing.org, a legitimate relief effort site. Within hours of reporting that on our site, several of those same readers wrote in to say the problem had been corrected.
So here's a big "thank you" to all of our readers. Please keep the comments coming, and/or e-mail me with any thoughts, praise or criticism. Your regular visits and comments have helped make Security Fix the top Google result for "computer security blog."
UPDATE, 2:10 p.m., ET: If you're curious about whether a Red Cross Web site donation link is legitimate or not, check out this list from the Red Cross of which sites the organization has authorized to collect donations on its behalf. |
