Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, have warned
internet users of a spam campaign attempting to steal money
intended to go towards the American Red Cross Hurricane Katrina
The phishing attempt takes the form of an spammed email that
contains official-looking Red Cross logos and images. Its message
describes that those affected by the storm are starting the process
of rebuilding their homes and asks email recipients to donate to
its hurricane relief efforts by clicking on the link in the
If recipients open the web page, they are redirected to a bogus
online donation form that looks very similar to the Official
American Red Cross Hurricane Katrina relief donation page.
The scammers have set up a bogus website,
pretending to be the official American Red Cross
"This is not the first time we have seen immoral opportunists
take advantage of a natural disaster to fill their pockets with
money meant for victims," said Carole Theriault, security
consultant at Sophos. "Phishing attempts do not download viruses or
other threats - instead, they use the message and images to dupe
the recipient into giving away money, usernames and passwords."
Although many phishing sites are almost impossible to
distinguish from the real site they are imitating, this particular
phish displays some marked differences. For instance, the official
American Red Cross site displays a number of different ways you can
donate besides filling in the online form, such as by phone and
post, whereas the bogus site has cut out this information offering
you only the online donation form.
Sophos reminds users to be wary of unsolicited emails, and has
published information about how individuals can learn how to protect
themselves against this and other phishing attacks.
Organizations concerned about being fraudulently represented in
phishing campaigns can sign up to the Sophos early warning system,