Online scams emerge in Katrina's wake

Hurricane Katrina has spawned more than misery and destruction -- a new wave of scam emails and Web sites are exploiting the tragedy.

Phony Web sites and emails, purporting to offer help to hurricane victims or provide more news on the destruction, are making their rounds on the Internet, security experts said on Thursday.

One spam campaign is circulating that offers breaking news reports, but tricks people into clicking on a link that takes them to a bogus Web site that attempts to infect their computers with malicious software, according to security firm Sophos. The Web site tries to exploit vulnerabilities in Internet Explorer and install malicious code, including the Troj/Cgab-A Trojan horse, Sophos said.

Some of these emails carry subject headers such as 're: g8 Tropical storm flooded New Orleans' and 're: q1 Katrina killed as many as 80 people'.

"If users click on the link contained inside the email, they will be taken to a malicious Web site which will try and infect their computer," Graham Cluely, senior technology consultant for Sophos, said in a statement. "Once infected, the computer is under the control of remote criminal hackers who can use it to spy, steal or cause disruption."

Other bogus emails are circulating that ask people to aid hurricane victims and their families by clicking on a PayPal button to make a donation, said Johannes Ullrich, chief research officer for the Sans Institute.

"They're using PayPal because it allows them to be more anonymous. But if you reply and ask them for their address to mail the check, they don't respond," Ullrich said, noting that in many cases it is difficult to ascertain whether the email is legitimate.

He advised people to ask the organisation for its nonprofit tax ID before making a donation. That ID number can be checked against the database housed by the US Internal Revenue Service. Consumers should also review the list of reputable nonprofit agencies posted on the Federal Emergency Management Agency Web site, he said.

Scams perpetuated on the Internet following a disaster are nothing new. However, Katrina-related scams seem to be appearing faster than those linked to relief efforts after the Asian tsunami late last year, Ullrich said.

"The activity level is about the same, but maybe faster," he said. "It could be because it's a hurricane and you can plan for it. Some of the domain names with a hurricane suffix are already taken up, because the World Meteorological Organization comes out with a list of names that goes out six years in advance."

Currently, there are 106 Web sites that are registered with the name Katrina and hurricane, weather, disaster, relief or fund included in the domain, according to security monitoring company Websense. Of those, roughly a third lack original content and have notices indicating they are under construction, coming soon, or the domains are up for sale, Websense said.