Beware of fraud emails from fake Boston charities

-A A +A

USDA says scammers are taking advantage of marathon tragedy.

By Staff Reports

The Virginia Department of Agriculture and Consumer Services reminds the public to be wary of possible fraudulent charitable solicitations since the Boston Marathon explosions.
“Individuals need to be aware of emerging fraud online associated with the explosions and how to take necessary precautions when using email and social networking websites,” the department said.
There have been reports of spam e-mail being circulated to lure potential victims to malware and exploits. The subject of the spam email in one version is “Boston Marathon Explosion.” It contains links that could infect computers.
Clicking on the link opens a compromised web page that shows a series of videos of the attack site. There is an unloaded video at the bottom of the web page that leads to the Red Exploit Kit, which exploits various vulnerabilities on the user’s computer.
Once an exploit has been successful, the user sees a popup asking them to download a file at which time malware is downloaded.
Social media is another avenue criminals use to solicit donations. According to various reports, a Twitter account was created soon after the explosions that resembled a legitimate Boston Marathon account. Allegedly, for every tweet received to the account a dollar would be donated to Boston victims.
Though the account was suspended by Twitter, it is likely others may use this same method to commit fraud. The FBI was made aware of at least 125 questionable domains registered within hours of the Boston Marathon Explosions, the consumers department said.
Messages may contain pictures, videos and other attachments designed to infect computers with malware. Do not agree to download software to view content.
Links appearing as legitimate sites (example: fbi.gov), could be hyperlinked to direct victims to another website when clicked. These sites may be designed to infect a computer or solicit personal information. Do not follow a link to a website; go directly to the website by entering the legitimate site’s URL.
Verify the existence and legitimacy of organizations by conducting research and visiting official websites. Be skeptical of charity names similar to — but not exactly the same as — reputable charities.
Do not allow others to make the donation on your behalf. Donation-themed messages may also contain links to websites designed to solicit personal information, which is routed to a cyber criminal.
Make donations securely by using debit/credit card or write a check made out to the specific charity. Be skeptical of making donations via money transfer services as legitimate charities do not normally solicit donations using this method of payment.

Suspicious email solicitations or fraudulent websites may be reported to the FBI’s Internet Crime Complaint Center: www.ic3.gov.