As you may have noticed from the odd blog posts here and there, scammers are firmly on the “exploit the Japanese disaster” bandwagon and anything is a target for them at this point. It’s becoming a little overwhelming to keep up with the posts I’m seeing across the security blogs as more scams come to light (I’ve made six posts myself today alone, not including this one), so I thought it might be useful to throw together a short reference post with examples of the dubious techniques being used and how to avoid falling victim. If you think you have family members who may click on things or donate to sites they probably shouldn’t, consider gently pointing them in this direction.
1) Spambots.
Keywords on Twitter, trending topics and anything else remotely newsworthy are instant green light signals for bots to bug you endlessly with links to websites such as this:
While some of it is relatively harmless (such as spamming junk links to eBooks, although it certainly wouldn’t be “harmless” to anybody directly affected by the quake receiving such a crass message), there are plenty of bad things that come from Twitter spam. Fake antivirus spam comes and goes on Twitter, but there are also fake Twitter notifications arriving in mailboxes too (scroll down).
Random links from random people in relation to any disaster should always be treated with caution.
2) Fake videos.
The poster boy of malicious websites everywhere, these are perfect bait for users wanting to get a quick fix. Invariably, they’ll pop a prompt or (worse) an installer the moment the user clicks on the “video” – the payload could be anything from random malware to fake antivirus. If it looks a bit like YouTube and you’re being asked to install things, run away. If it pops a survey, run away. The content was not (and never will be) there.
Clickjacking / Facebook-type scams are also popular where fake videos are concerned. If the content of a Facebook post sounds a bit salacious or beyond the limit of what your workplace AUP would allow, that’s probably because it’s a fakeout designed to get you clicking. The whale scam is a popular one – there are many more out there.
3) Emails and donation websites.
You can safely file unsolicited emails in the junk pile, every single time. It doesn’t matter who they claim to be: ignore them. Websites are a touch more problematic – while there are many legit grassroots efforts popping up on genuine Facebook pages, the growing collection of what I like to call “completely random websites” is muddying the waters in spectacular fashion. Remember: anybody can set up a .com, .org, .net – even a .jp. It doesn’t mean the website sporting a Red Cross is any more genuine. There are many 419 mails zinging around related to the disaster, too – examples here and here.
There are a number of genuine donation effort sites listed here, and failing that you can always just go to the Google Crisis Response Page and donate safely. The good news is that many of the more dubious donation sites are having their payment methods switched off.
Dubious links pointing to fake AV will continue to be an issue for anyone looking at disaster related information, as we can see here, there and everywhere. Of course, there are steps you can take to avoid an unwelcome guest on your desktop. If you get redirected to a fake AV website, more often than not you’re perfectly fine unless you agree to download the installer, double click it, allow it to run and so on. Denying the download will work wonders. If there’s no download but they’ve locked up your browser, CTRL+ALT+DEL or (failing that) ALT+F4 will also be your best friend in these situations.
Additionally, don’t go clicking on random websites with names like “Celebrities with diseases” (see the above screenshot) because you’re pretty much asking for trouble. Stick to legit news websites in the various news portals of search engines such as news.google.com.
Oh, and install AdBlock Plus and / or NoScript too, assuming you use a browser that’s compatible. AdBlock Plus will strip all the adverts from a website, meaning your chances of being hit by a rogue ad banner served on a reputable website are somewhere between zero and zero. NoScript does exactly what it says on the tin, and allows you to control / remove script from websites in a very flexible fashion.
Unfortunately, this is going to keep rolling – in the last hour or so, Dave Marcus of McAfee fame mentioned Fukushima satellite imagery malware doing the rounds. Be careful!