Websense Security Labs reports a new phishing attack that targets people to donate money in order to support the relief efforts for Hurricane Katrina.

The spoofed email is written in HTML and poses as if it was coming from the Red Cross. The email also has the Verisign "Secure Site" Logo on it to help deceive the end-user that it is legitimate. Upon connecting to the link provided within the email, the user is directed to a fraudulent website which is hosted in Brazil and was up at the time of this alert. The site is also hosting other content and appears to have been compromised. The user's credit card, expiry date, and PIN are requested through a online form and, once entered, the user is then redirected to the real Red Cross website.

Phishing email body:

Victims of Hurricane Katrina are attempting to recover from the massive storm. American Red Cross volunteers have been deployed to the hardest hit areas of Katrina's destruction, supplying hundreds of thousands victims left homeless with critical necessities.

By making a financial gift to Hurricane 2005 Relief, the Red Cross can provide shelter, food, counseling and other assistance to those in need.

Screenshots available within full alert.

[Roasting over a slow fire is too merciful a death for people perpetrating things like this --Ed.]

Related links: (Open in a new window.)
www.websensesecuritylabs.com/alerts/alert.php?AlertID=275

View printable version (opens in new window)
Back