US-CERT would like to warn users of potential email scams, fake antivirus and phishing attacks regarding the Japan earthquake and the tsunami disasters. Email scams may contain links or attachments which may direct users to phishing or malware-laden websites. Fake antivirus attacks may come in the form of pop-ups which flash security warnings and ask the user for credit card information. Phishing emails and websites requesting donations for bogus or charitable organizations commonly appear after these types of natural disasters.
Cybercriminals launched Facebook pages claiming to contain Japanese tsunami videos to lure users to the malicious site. The Facebook page title is “Japanese Tsunami RAW Tidal Wave Footage!” and a script on that page leads users to a fake video page where the video is actually a clickable image. Clicking the image eventually leads users to a page asking for the user’s mobile phone number. The script also triggers an automatic “Like” and displays the link on the victim’s wall.
US-CERT encourages users to take the following measures to protect themselves:
• Do not follow unsolicited web links or attachments in email messages.
• Maintain up-to-date antivirus software.
• Review the Recognizing Fake Antivirus document for additional information on recognizing fake antivirus.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for additional information on social engineering attacks.
• Refer to the Recognizing and Avoiding Email Scams (pdf) document for additional information on avoiding email scams.
• Review the Federal Trade Commission’s Charity Checklist.
• Verify the legitimacy of the email by contacting the organization directly through a trusted contact number. Trusted contact information can be found on the Better Business Bureau National Charity Report Index.
For more information please feel free to click on the imbedded links