A big news story, like the unprecedented events in Japan over the last few days, leave Internet users open to a unique form of social engineering (the act of manipulating people into performing actions or divulging confidential information). As people open their hearts and wallets to help those stricken, malicious hackers also use this opportunity to send scam and fake emails in the hope of getting money or confidential information.
US-CERT, the operational arm of the National Cyber Security Division (NCSD) at the Department of Homeland Security (DHS), is warning Internet users of potential email scams, fake antivirus and phishing attacks regarding the Japan earthquake and the tsunami disasters. Email scams may contain links or attachments which may direct users to phishing or malware-laden websites, while phishing emails and websites request donations for bogus charitable organizations.
It is important to always to protect yourself:
- Do not follow unsolicited web links or attachments in email messages.
- Maintain up-to-date antivirus software.
- Verify the legitimacy of the email by contacting the organization directly through a trusted contact number.
- Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
- Take advantage of any anti-phishing features offered by your email client and web browser.