Krebs - Beware of Hurricane Florence Relief Scams

If you’re thinking of donating money to help victims of Hurricane Florence, please do your research on the charitable entity before giving: A slew of new domains apparently related to Hurricane Florence relief efforts are now accepting donations on behalf of victims without much accountability for how the money will be spent.

For the past two weeks, KrebsOnSecurity has been monitoring dozens of new domain name registrations that include the terms “hurricane” and/or “florence” and some word related to support (e.g., “relief,” “assistance,” etc.). Most of these domains have remained parked or dormant since their creation earlier this month; however, several of them became active only in the past few days, directing visitors to donate money through private PayPal accounts without providing any information about who is running the site or what will be done with donated funds.

The landing page for hurricaneflorencerelieffund-dot-com also is the landing page for at least 4 other Hurricane Florence donation sites that use the same anonymous PayPal address.

Among the earliest of these is hurricaneflorencerelieffund-dot-com, registered anonymously via GoDaddy on Sept. 13, 2018. Donations sent through the site’s PayPal page go to an email address tied to the PayPal account on the site (info@hurricaneflorencerelieffund-dot-com); emails to that address did not elicit a response.

Sometime in the past few days, several other Florence-related domains that were previous parked at GoDaddy now redirect to this domain, including hurricanflorence-dot-org (note the missing “e”); florencedisaster-dot-org; florencefunds-dot-com; and hurricaneflorencedonation-dot-com. All of these domains include the phone number 833-FLO-FUND, which rings to an automated system that ultimately asks the caller to leave a message. There is no information provided about the organization or individual running the sites.

The domain hurricaneflorencedisasterfund-dot-com has a slightly different look and feel, invokes the name of the Red Cross and also includes the 833-FLO-FUND number. Likewise, it accepts PayPal donations tied to the same email address mentioned above. It claims “80% of all donations go directly to FIRST RESPONDERS in North & South Carolina!” although it provides no clear way to verify that claim.

Hurricaneflorencedisasterfund-dot-com is one of several domains anonymously accepting PayPal donations, purportedly on behalf of Hurricane Florence victims.

The domain hurricaneflorencerelief-dot-fund, registered on Sept. 11, also accepts PayPal donations with minimal information about who might benefit from monies given. The site links to Facebook, Twitter and other social network accounts set up with the same name, although none of them appear to have any meaningful content. The email address tied to that PayPal account — hurricaneflorencerelief@gmail.com — did not respond to requests for comment.

The domain theflorencefund-dot-com until recently also accepted PayPal donations and had an associated Twitter account (now deleted), but that domain recently changed its homepage to include the message, “Due to the change in Florence’s path, we’re suspending our efforts.”

Here is a Google spreadsheet that tracks some of the domains I’ve been monitoring, including notations about whether the domains are active and if they point to sites that ask for donations. I’ll update this sheet as the days go by; if anyone has any updates to add, please drop a comment below. All of the domains mentioned above have been reported to the Justice Department’s National Center for Disaster Fraud, which accepts tips at disaster@leo.gov.

Let me be clear: Just because a site is listed here doesn’t mean it’s a scam (or that it will be). Some of these sites may have been set up by well-intentioned people; others appear to have been established by legitimate aid groups who are pooling their resources to assist local victims.

For example, several of these domains redirect to Freedomhouse.cc, a legitimate nonprofit religious group based in North Carolina that accepts donations through several domains that use an inline donation service from churchcommunitybuilder.com — a maker of “church management software.”

Another domain in this spreadsheet — florencereliefeffort.org — accepts donations on its site via a third party fundraising network Qgiv.com. The site belongs to a legitimate 501(c)(3) Muslim faith-based nonprofit in Raleigh, N.C, that is collecting money for Hurricane Florence victims.

If you’re familiar with these charities, great. Otherwise, it’s a good idea to research the charitable group before giving them money to help victims.

As The New York Times noted on Sept. 15, one way to do that is through Charity Navigator, which grades established charities on transparency and financial health, and has compiled a list of those active in the recovery from Florence. Other sites like GuideStar, the Better Business Bureau’s Wise Giving Alliance and Charity Watch perform similar reviews. You can find more details about how those sites work here.

Finally, remember that phishers and malware purveyors love to seize on the latest disasters to further their schemes. Never click on links or attachments in emails or social media messages that you weren’t expecting.



from Krebs on Security https://krebsonsecurity.com/2018/09/beware-of-hurricane-florence-relief-scams/

Comments

Popular posts from this blog

Krebs - NY Charges First American Financial for Massive Data Leak

KnowBe4 - Scam Of The Week: "When Users Add Their Names to a Wall of Shame"