[Artemisia] Fw: Beware - Katrina Assistance Scams

Sun Sep 4 20:41:37 CDT 2005

FYI for all of you - my source is very good.
Bronwen

>
> We received this message from a friend in NY who works for a government 
> agency. I thought it was important that everyone be alerted to these 
> possible scams. As with any email that you receive and open - DO NOT CLICK 
> ON ANY LINK INSIDE the email. If you wish to visit a 'link' that is 
> listed, just hi-lite that link, paste it into the http: address line and 
> press enter. You are much more likely to encounter viruses and scam web 
> sites by clicking on 'links' inside an email. Please provide any help that 
> you are able to provide to the victims of Katrina and keep them in your 
> prayers - but, be wary and cautious about opening and viewing photos, 
> videos, etc. that you receive thru the internet to protect yourself from 
> becoming a victim of vicious scammers.
>
> FYI
>
> Information_Security_Office 9/1/05 2:52:43 PM
>
> The following warning has been issued by NYS Office of Cyber Security and 
> Critical Infrastructure Coordination. It concerns fraudulent websites for 
> relief efforts for Katrina victims.
>
> NEW YORK STATE OFFICE OF CYBER SECURITY AND CRITICAL INFRASTRUCTURE
> COORDINATION CYBER INFORMATION BULLETIN
> DATE ISSUED:  September 1, 2005
>
> SUBJECT:
> Fraudulent Websites for Hurricane Katrina Victims
>
> OVERVIEW:
> We have received information indicating that Internet domain names are 
> being created that could be used to lure unwary users into visiting 
> potentially malicious web sites.
>
> BULLETIN:
> Relief and charity efforts for the victims of Hurricane Katrina began 
> immediately after the hurricane devastated the Gulf Coast area.  Shortly 
> thereafter, web sites began to appear which were designed to defraud 
> unsuspecting users. Some of the activities include soliciting donations 
> for seemingly charitable purposes, attempting to collect personal 
> information through phishing scams and also spreading malware to 
> unsuspecting users. Over the past few days, domain names that redirect 
> users to malicious web sites have appeared online, in addition to email 
> scams requesting donations for those impacted by the hurricane. While some 
> of these sites and messages may be legitimate, many are not. At the time 
> of this bulletin, please be aware that the following domains are reported 
> to be suspicious:
>
> katrinahelp.com
> katrinacleanup.com
> katrinarelief.com.
>
> Please note that this is not an exhaustive list and additional domains may 
> continue to appear.
>
> In addition to fraudulent web sites, opportunists may use this event as a 
> vehicle for other types of online attacks. For example, email messages 
> that claim to contain attachments with photos, video, or other information 
> about Hurricane Katrina may actually contain viruses, worms, or other 
> malware.
>
> RECOMMENDATIONS:
>
> We recommend that staff be advised to:
> * Validate the relief fund or charity through a known reliable entity. 
> Please refer to the FEMA link below for a list of reputable disaster 
> relief resources for Hurricane Katrina.
> * When a message containing a request for donations for these victims 
> appears, do not respond unless you are certain it is a VALID message.
> * Avoid visiting untrusted web sites.
> * AVOID OPENING EMAIL MESSAGES AND ATTACHMENTS THAT CLAIM TO CONTAIN 
> VIDEO, PHOTOS, OR OTHER INFORMAITON RELATING TO RELIEF SOLICITATION FOR 
> HURRICANE KATRINA.
> * Follow standard best practices for email and web browsing security.
>
> REFERENCES:
>
> SANS:
> http://isc.sans.org/diary.php?date=2005-08-31
>
> Washington Post:
> http://blogs.washingtonpost.com/securityfix/2005/08/katrina_phishin.html
>
> Better Business Bureau:
> http://www.give.org/news/disaster_pr.asp
>
> Federal Emergency Management Agency:
> http://www.fema.gov/press/2005/resources_katrina.shtm
>