Cybercriminals Target Consumers Looking to Give Disaster Relief

The emails read: “I’m Mrs. Mariam Ellis, a devoted humanitarian, with your assistance I want to set up a foundation (worth millions of dollars) to help the victims of Tsunami in Japan and other environments around the world. The funds are available. Please contact me for more details…”

The only problem is that “Mariam” does not want to set up a foundation for the victims in Japan. If you received an email from someone like “Mariam,” they're most likely a cybercriminal looking to take your good intentions and turn them into their own profit.

Just hours after the magnitude 9 earthquake hit Japan, cybercriminals took to social media websites and email groups, investigators say, and since then they've been busy. So busy, in fact, that the FBI, the Better Business Bureau and the attorneys general in states including in Pennsylvania, Oregon, Texas and Kentucky have been blasting out warnings to beware of scammers.

The Department of Justice, which set up the National Center for Disaster Fraud after Hurrican Katrina, is now looking into reports of  fraudulent relief efforts. It cautions that solicitations may pop up as door-to-door collections, flyers, mailings and telephone calls -- as well in cyberspace.

Internet security company McAfee put together a guide for consumers to stay safe while donating.

According to the company, the emails usually arrive in the form of a humanitarian organization looking to set up a foundation and asking for money, or a personal story from a victim asking for some sort of relief.

It doesn’t stop there, as the criminals have even created ways to get your information through media by advertising dramatic videos and images. In order to view the footage, you unknowingly download malware onto your computer or prompt you to enter personal information.

David Marcus, director of security research and communications at McAfee told that he estimates the company has found at least half a dozen of these websites, but also said that it’s hard to differentiate between them because often the same ones will simply change the wording and create another one.

McAfee has even found sites modeled to look like legitimate and well-known organizations like Red Cross.

So how do you tell if the site where you want to donate is legit?

One thing Marcus said reputable aid organizations don’t typically use PayPal accounts for donations.

Also don’t be quick to trust a website that ends in an “.org” as opposed to a “.com” either, as anyone can register for a “.org” domain. The company also warns against responding to requests that arrive in the form of spam mail, instant message, or text and are overly dramatic. It's also advised to use caution when responding to a request posted through a social media website.

“If you go directly to a disaster relief website, you can donate safely,” said Marcus.

There's no telling as to just how many consumers have fallen victim to these crimes.

“Unfortunately we never get that insight to this type of crime. It’s hard to say how many people are victims,” said Marcus, but he estimated that the cybercriminals have a 10-15 percent success rate. “It’s not so much that they are going to send you out a spam message, but that they know people are going to look for ways to donate money,” so experts have found that they set up a website that indexes very high on a search engine and prey on victims that way.

McAfee advises that if you suspect that you've become victim to a scam  call your credit card company and put a hold on it immediately and contact the Cybercrime Response Union at

Marcus said that McAfee shares that information to other law enforcement, but is not directly working with them.

You can also report a fraudulent charity with the National Center for Disaster Fraud at (866) 720-5721. The line is staffed by live operators 24/7. Email tips can be sent to, or faxed to (225) 334-4707.