NOVEMBER 29, 2013
Your regular source of security updates from TrendLabsSM
In This Issue

Security Spotlight
Storm of Scams: Cybercriminals Take Advantage of Typhoon Haiyan

Security for Home Users
The Season for Danger: Holiday Threats

Security for Business
Data Theft Security Risks

Security Spotlight

Storm of Scams: Cybercriminals Take Advantage of Typhoon Haiyan

Falling prey to scams not only takes away your hard-earned money, but also deprives those in dire need of support.”

No matter how catastrophic or grievous a calamity is, as long as it’s making headlines, cybercriminals will take advantage of it. Just days after Typhoon Haiyan left a wake of destruction in the Philippines, we started seeing bad guys take advantage of the natural disaster, all seeming to want a slice of the donation pie meant for the victims.

Facebook Spam and Scam Bedlam

The scams that took advantage of Typhoon Haiyan were mostly seen on social networking site, Facebook, in the form of fake profile pages of fake charities asking for donations.

One of these was actually linked to a scammer’s own blog page that asks visitors to donate via PayPal. The link is, of course, legitimate, and brings victims to the real PayPal payment page. Unfortunately, the donations went to the scammer’s bank account instead of to an actual charitable institution.

We also spotted spam that used “Typhoon Haiyan” either as subject or as part of the message body. Some of these blatantly asked for donations through wire and/or bank transfers; others took a roundabout approach and instead asked readers for bank account numbers for use as “volunteer donation accounts.”

Falling prey to these scams, of course, not only takes away your hard-earned money, but also deprives those in dire need of support.

Helping the Safe Way

While it may seem deplorable for anyone to take advantage of a disaster that took the lives of more than 4,000 people, you must realize that it’s simply business for cybercriminals. They will always use any lure necessary to get their hands on your money, whether it’s a new Apple product release or a disaster like the 2011 Japan tsunami.

Despite the existence of opportunistic threats, don’t be dissuaded from donating. It’s still possible to do so without becoming a scam victim. Here’s how:

  • Give to organizations you know and trust. New charities will often pop up in the wake of big calamities and disasters. While it’s not unheard of for small groups to organize donation drives and similar efforts, it’s generally safer to donate to big, well-known charities that have been around for years. But if you want to donate to a smaller charity, make sure it’s one that you personally have experience with and can be trusted with your money.

  • Not everything on social media and emails are true. It’s common for legitimate charities to ask for donations via social media and email. But keep in mind that cybercriminals count on this. They make you believe their made-up charities are one of the real charities. Instead of clicking links in emails and social media posts, go directly to organizations’ sites instead. This reduces your chances of landing on scam pages or ending up with infected devices.

  • Carefully check payment sites. If you’re donating money online, carefully check the payment site just like you would any other online payment site. You could be on a phishing page.

Copyright ©2013 Trend Micro Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro Incorporated. All other company and/or product names may be trademarks or registered trademarks of their respective owners. The information contained in this document is subject to change without prior notice.