By Brian Krebs and Caroline E. Mayer
Washington Post Staff Writers
Thursday, September 1, 2005
Web sites claiming to collect donations for Hurricane Katrina victims.
Phony e-mails pretending to solicit money from well-known charities.
Online auctions of Internet domain names with Katrina-related addresses, such as "katrinaourtsunami.com."
Less than two days after the hurricane, Internet opportunists are already trying to cash in on public sympathy for Katrina's victims.
Within the past 24 hours, several Web sites have emerged, promising to forward money to relief workers. Bearing such names as Katrinahelp.com, katrinadonations.com and katrinarelief.com, the sites ask for money to be sent through Paypal, but there is no way to verify who is getting the money.
EBay late yesterday halted an online auction of several Katrina-related Web site names, such as "ourtsunami2005.com." Bidding was to start at $15,000, and the seller promised to deliver half of the final winning bid amount to the American Red Cross. EBay allows sellers to dedicate a portion of their profit to charities but requires the seller to either sign up for eBay's own giving program or obtain permission from the charity first. Red Cross officials said no permission had been granted, and eBay said it terminated the auction because the seller did not observe rules on charitable giving.
After last year's tsunami in South Asia, a survey by MasterCard International and security firm NameProtect Inc. found more than 170 tsunami-related scam sites being used to siphon donations to relief efforts. Using a technique known as "phishing," sites or e-mails pretend to represent a legitimate company, such as a credit card firm, to get consumers to post personal information such as a credit card number or bank account.
Yesterday, FBI spokesman Paul Bresson said the agency was investigating reports of fraudsters using e-mail and Web sites to impersonate legitimate fundraising and relief organizations.
"People who want to make a donation or contribute to a cause should actively seek out reputable organizations and then contact them by telephone or by typing their Web address into a Web browser," Bresson said. "The important point is that they initiate this contact on their own."
Federal Trade Commission spokeswoman Claudia Bourne-Farrell said people should never click on any link in an e-mail solicitation because they may end up at a site that looks real but is set up by identity thieves to get confidential information. "If you get an e-mail from the Red Cross, close the e-mail and go to the Red Cross Web site as you otherwise would," through a search engine, phone or regular mail, she said.
It's not just solicitations consumers should worry about. Security experts also caution computer users to remain vigilant against e-mails claiming to contain attached photos of the disaster because clicking on such files could launch viruses or worms.
Fraud watchers said Americans who want to make contributions should stick to Web sites of established national charities. The Web site for the Federal Emergency Management Agency ( http://www.fema.gov/news/newsrelease.fema?id=18473 ) also lists a number of Web sites where people can securely send donations to legitimate charities, as does http://www.give.org , part of the charity-monitoring service of the Better Business Bureau.
Art Taylor, president of the Better Business Bureau's Wise Giving Alliance, said consumers shouldn't be in a hurry to contribute.
"Be careful about new charities that spring up overnight. They may have good intentions, but they don't have the means or experience to deliver aid. And there's no need to feel you need to do something immediate. What charities can possibly be on the ground right now providing services? We can barely get soldiers and other relief people into the area to help. You have time to be deliberative and think through how you want to help. Check out the organization first."
Krebs is a staff writer for washingtonpost.com.