INDIA: Several countries and international organisations have offered to assist with relief efforts from last Friday's earthquake and tsunami in Japan. Three days after the earthquake and tsunami that rocked Japan, the rest of the world is still trying to make sense of what's happening. Citizens around the world are also looking to extend assistance in their own way.
But, as the death and injury tolls continue to rise, there are some malicious people who attempt to exploit such situations, under the guise of charitable institutions and governmental organizations. Emails marked URGENT, requesting for help by appealing to the humanity in every internet user, or urging consumers around the world to offer donations to those affected, are doing the rounds.
Symantec observed more than 50 domains with the names of either “Japan tsunami” or “Japan earthquake” within the first few hours of this unfortunate event. These domains are either parked, available for sale, or are linked to earthquake sites. Don’t be surprised if you see these domains been used in phishing and spam attacks. Below are a few of the samples:
Symantec has also observed a classic 419 message targeting the Japanese disaster. The message is a bogus "next of kin" story that purports to settle millions of dollars owing to an earthquake and tsunami victim.
Previously, when such disasters occurred, Symantec observed a sudden surge in virus attacks in the form of nasty attachments and .zip files embedded in spam sent from such predatory attackers. Do not open them, especially if you don’t know the source! Use caution when opening forwarded messages related to the Japan earthquake and tsunami, and any other tragedy or event that stirs international news coverage, legitimate and otherwise. Nefarious attackers may be sending malicious Java scripts and other threats that could compromise both your personal data and your computer.
Other methods that the cyber mafia uses during such events include search engine poisoning. With several internet users searching for earthquake-related news and information online, cybercriminals can poison search results for malicious websites to appear at the top of the results. Users who click on these links assuming that the information will help them make sense of the tragedy, may end up downloading malware instead.
Symantec has witnessed a rise in malicious websites of late. The recent Symantec report on Attack Toolkits and Malicious Websites revealed that Symantec observed more than 310,000 unique domains that were found to be malicious. On average, this resulted in the detection of more than 4.4 million malicious Web pages per month. It is likely that attackers will use Japan-related terms in order to attract people on to these websites.
While our hearts go out to those grappling with this unprecedented catastrophe, we at Symantec want to urge users to be cautious about unscrupulous elements. Symantec recommends that our readers reach out to the affected through legitimate and secure channels so that the help sent by you reaches the intended recipients.