>> ASIAONE / DIGITAL / FEATURES / STORY
Wed, Oct 07, 2009
The New Paper
Look before you click

By Amanda Yong

YOU must have seen photos of injured victims being carried out of wrecked buildings in Padang, Sumatra.

Or news footage of people clinging desperately to driftwood in flood-hit Manila.

And probably images of devastated Samoans mourning the loss of their loved ones to the tsunami that swept across their islands last week.

But there is another group of victims you may not have heard about - those who have fallen prey to the wave of bogus websites and weblinks designed to profit from the recent spate of natural disasters.

Like looters who raid ruined shops and houses, these thieves waste no time in profiteering from tragedy.

Said Mr Ronnie Ng, 39, systems engineering manager in charge of Singapore and Indonesia at IT security firm Symantec: "These cyber criminals try to profit from large-scale events of significant public interest such as the recent natural disasters.

"In Singapore, we have a lot of IT-savvy people who will search for information on these events on search engines like Google and Yahoo."

They may click on links to websites with information on these events. And that's when they get trapped, Mr Ng told The New Paper.

Just type keywords like "Western Samoa", "earthquake" or "tsunami" into any popular search engine, and a whole host of listings will appear.

Mr Ng, who has more than 10 years of experience in software and systems security, said some of these, including many that emerge at the top of the page, are fake.

They link unsuspecting users to websites that attempt to perform fake anti-virus scans by offering to clean the users' computers.

These scans do not come free. Users are asked to pay more than $100 for bogus software to remove the supposed security threats in their computers.

When they do so, not only do they hand over money to hoaxers, they also part with personal information like credit card details that will later be re-used by these cyber criminals.

Users who choose not to download the fake software are constantly bombarded by pop-ups and blacked-out windows warning them of the threats on their computers.

Donations

Crafty cyber crooks also play on public sympathy through fake websites seeking donations for victims of these natural disasters, Mr Ng said.

"These sites try to make people believe the money they are donating will go to the victims of the natural disasters," he added.

But those who fall for these scams compromise their personal information, and giving their credit card details invariably leads to their accounts being breached.

This trend of using news of current events as a means of attack is not new, Mr Ng said.

He said : "In the past, pornographic sites were the ones that were considered relatively unsafe, but the technological landscape has changed so much that even reputable sites including social networking sites like Facebook and Twitter may contain links or applications that have malicious intent."

These websites are neutral platforms which can be used by malicious attackers.

"Nothing's safe," Mr Ng said. "It all depends on whether the site is maintained properly. If there are vulnerabilities that are unpatched, these are holes in the system that cyber criminals can potentially exploit."

And they can adapt quickly to changes because of a "thriving underground economy in which you can buy tools and toolkits to create malicious software", Mr Ng said.

"There are many talented and bright minds out there - cyber criminals who take advantage of the cyber equivalent of the black market (to carry out these attacks)."

So how do users protect themselves?

A good first step is to install strong and updated anti-virus software, Mr Ng said.

But the user must also be aware.

"Only go to reputable websites that you're comfortable with," he said. "Even on these sites, if you see links that are suspicious, that ask for your personal information or ask you to take actions you're not comfortable with, then be on the alert."

As for websites that appeal for donations for victims of natural disasters, Mr Ng said: "Check that the site looks legitimate. If you're suspicious, call the organisation to validate that they're involved in the donation drive, and if there are other means of helping the victims."

ayong@sph.com.sg

This article was first published in The New Paper.

Bookmark and Share
 

 
STORY INDEX
 
  Pretty faces accompany Canon launch
   
 
  Look before you click
   
 
  Will forwarding chain email give you cash?
   
 
  Should you use your phone at the petrol station?
   
 
  Unwilling browser
   
 
  Unable to access hyperlinks
   
 
  Which smartphone is the best one for you?
   
 
  Google help for teachers
   
 
  E-ssential travel mate
   
 
  Will this secret code bring back a stolen phone?
   
>> RELATED STORY
Look before you click
E-readers fast becoming popular
Imagine using trash to power your TV
Warning! Most top-visited S'pore websites don't protect you from fraud
Gadgets uncovered

Elsewhere in AsiaOne...

News: Quake-hit Indonesian city sprayed to stop disease

Travel: A laidback holiday beneath Twin Peaks

Business: Meet the Human Pacman

Multimedia: Reporter interviews S'porean trapped in rubble

 
We welcome contributions, comments and tips.
a1admin@sph.com.sg
9180 1253 (SMS)
6319 8177