Web braces for wave of hurricane scams

Security experts are warning users of a high risk of phishing operations connected to Hurricane Gustav.

Security experts are warning users of a high risk of phishing operations connected to Hurricane Gustav.

Both the US Computer Emergency Response Team (US-Cert) and security firm Sans issued warnings to users about a rise in the registration of domains connected to relief efforts for the storm, which hit the US Gulf Coast on Monday after tearing through the Caribbean.

Researchers say the registration pattern follows previous instances in which domains were strategically registered in the aftermath of a disaster and then used to host phishing and fraud operations disguised as relief efforts.

The use of fake phishing sites came to a head almost exactly two years ago, when scammers set up numerous fake donation sites to take advantage of those seeking to donate to victims of Hurricane Katrina.

"This time around it looks like the people who like to register domain names in anticipation of a storm's arrival have already started registering them for Gustav and Hanna," wrote Sans researcher Marcus Sachs.

"I'm not suggesting that they are up to no good, but simply pointing out that the rush has started and we need to make sure our users are aware of the potential for scam sites appearing online in the next few days."

US-Cert said in a recent posting that users should follow current best practices against phishing, such as avoiding links in unsolicited e-mails. The group is also recommending that users screen all hurricane relief charities against a special Federal Trade Commission checklist.

Users can also safely donate to relief efforts through known national charities such as the American Red Cross.