Cyber Security

Fraudsters are scrambling to cash in on Venezuela’s earthquake disaster

When a devastating earthquake struck north-central Venezuela last week, it wasn’t just rescue teams that quickly mobilized. So are domain registrars.

Researchers at threat intelligence firm WhoisXML API say they found 212 newly registered domains talking about the earthquake, all of which were posted within five days of the disaster.

To put that in context, three days before the earthquake, the company received a large amount of similar zeros and domains. Disaster struck and on the same day, registrations began, reaching a peak the following day (June 25) with 105 domains registered in those 24 hours alone, before decreasing over the next three days.

Most of the registered domain names look convincingly useful: 110 refer to aid or donations, 52 use “SOS” or rescue-related words, 56 refer to earthquake or earthquake activity, and 12 refer to missing or affected people.

Meanwhile others offer medical assistance, shelter listings, maps, or tracking services.

Now, some of those 212 new earthquake-related properties will undoubtedly belong to charities and volunteers willing to help with the country’s recovery. But, according to the researchers, 93% of the domains revealed that there is no registered contact, with those details hidden behind privacy services or simply left blank.

Suspiciously, some websites that have just gone live are already asking for Bitcoin donations without any convincing evidence that the donations will reach the victims, according to researcher Alexandre François.

Regular students of Hot in Security they know full well that scammers chasing disasters are nothing new, and the pattern has been going on for years.

For example, Hurricane Harvey in 2017 brought such a wave of phishing campaigns and fraudulent charity work that the FTC issued a specific warning, urging donors to vet charities thoroughly before donating money, and to be wary of any “charity” born overnight.

Fraudsters played a similar trick during the COVID-19 pandemic by impersonating UN compensation programs and recruiting unsuspecting “remote workers” to steal donated funds through Bitcoin ATMs.

Even years after a natural disaster, scammers can still take advantage of people’s plight. That happened a few years after the 2011 Japanese tsunami when fraudsters attempted “Nigerian Prince” scams claiming that deceased businessmen had left millions unclaimed.

It’s not a new trick, and it shouldn’t be. And that’s because exploiting a major news event — whether it’s a natural disaster or otherwise — can be an effective tactic for criminals to use when swindling the unsuspecting out of their savings. And when a natural disaster creates an urgent need to respond, it becomes much easier for cybercriminals to exploit.

If you want to donate safely to a good cause, type in the URL of a charity you already know and trust, rather than clicking on links from social media or unsolicited emails.

In addition, you should be suspicious of brand new websites, especially those registered in the days immediately following the crisis, and avoid sites that only ask for cryptocurrency donations. Legitimate charities will provide traceable, regular payment methods and be transparent about where the money is going.

Charity after a disaster should benefit the people who need it most, not disappear into a fraudster’s cryptocurrency wallet.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button