Awareness : Security Awareness Tips

Watch Out for Haiti Earthquake Relief Scams

In the wake of the natural disaster that occurred on 1/12/2010, cyber-crooks have rushed to create scam websites with Haiti earthquake-themed names. Not all the sites may be fraudulent, but ever since Hurricane Katrina in 2005, scammers have aggressively used fraudulent domains to exploit the generosity of ordinary people.

Security researchers at the Internet Storm Center have already logged the appearance of suspicious domains not connected to recognized charities. They manipulate search engines and use advertisements to make their scams appear authentic. Twitter tag-poisoning is often used to increase their online presence.

What this means is that if you search for Haiti-related earthquake stories such as “haiti earthquake,” “haiti relief,” or “haiti support,” some of the links that appear may be fake or contain malware. Many cyber-crooks attempt to trick users into downloading malware under the guise of codecs (video decoding files) supposedly needed to view video reports of the Haitian tragedy.

The FBI and the Better Business Bureau recommend the following:

  • Do not respond to any unsolicited incoming email or click on links contained within those messages.
  • Be skeptical of people claiming to be victims or their relatives. After Katrina, dozens of individuals were indicted for falsely collecting donations.
  • Be careful as you search and click. As mentioned previously, cyber-crooks use look-alike websites. One way to be safe is to follow a link to a charity from a site you trust. For example, you can go to,,, etc., and use links found there to donate to Haitian relief.
  • Verify the legitimacy of nonprofit organizations. There are a number of Internet-based resources that can assist you in vetting a charity. For example, you can go to,, or
  • Be wary of claims that 100% of donations will assist relief victims. Despite what some organizations might say, there are always expenses connected to collecting money. Even a credit card donation may involve, at a minimum, a processing fee.
  • Make contributions directly to known organizations rather than going through third parties. Cutting out the middleman will reduce your risk and may help more of your money go to the relief effort.
  • Find out if the charity has an on-the-ground presence in the impacted areas. Many well-meaning charities may ask for donations, but make sure they are equipped to effectively provide aid.
  • Be cautious about giving out your personal or financial information to anyone soliciting contributions. Cyber-crooks will happily accept your “donation” while they steal your identity.
  • Do not be discouraged by these scam artists and give generously, but make sure your money is going to the people in need.

For more information

Posted January 20, 2010