David Michmerhuizen & Luis Chapetti – Security Researchers, Barracuda Labs
As we wrote last week, scam artists were quick to take advantage of the recent disaster in Japan.
Since then they've been hard at work making their appeals even more sophisticated. Within the last few days the spam traps at Barracuda Labs have detected a very large campaign that carefully impersonates the British Red Cross.
There are many small clues in the email that flag it as suspicious. The use of a free webmail host and the desire for payment via Western Union are two, but what is most damning is that the ‘donate now' button takes you to a small otherwise unused website rather than to the official Red Cross website.
This web page is very convincing, but it still isn't the Red Cross.
Links in emails are very easy to hide or spoof. Barracuda Networks advises that you not click on such links to go to external sites. Instead, determine the actual website of the organization you want to visit, whether it be a charity or a bank or even your phone company, and then enter that website name directly into your web browser.
We have not yet seen similar spam targeting other national Red Cross organizations but these sorts of scams are very easy to set up. The British Red Cross is aware of the problem.
The British Red Cross does have a website that accepts donations at redcross.org.uk, as does the American Red Cross at www.redcross.org.
Barracuda Networks customers using the Barracuda Spam & Virus Firewall protected from these spam mailings.