Hurricane Katrina is still wreaking havoc online weeks after its initial punch. Katrina scams are showing up in inboxes and on Web sites, preying on the good-willed, the vulnerable, and even sometimes the greedy.

Scams include identity theft, Trojan horses, bogus investments, and credit-card fraud. Some experts warn of upcoming ripoffs like thousands of severely water-damaged (and smelly) cars from Louisiana being hawked online as in good condition.

Phishing scams

The most popular scam seems to be a ploy to get you to divulge your credit-card number or PayPal account information. Many phishing scams in which people receive e-mails that link to Web sites that look similar to legitimate charity sites have been reported.

Missouri and Florida took action earlier this month to shut down Web sites with names such as katrinahelp.com and katrinafamilies.com. On September 2, Florida Attorney General Charlie Crist filed a civil lawsuit in Nassau County, Florida Circuit Court against Robert Moneyhan, the Webmaster for katrinahelp.com, katrinadonations.com, katrinarelieffund.com, and katrinarelief.com. Moneyhan allegedly used these sites to direct donations to his private PayPal account.

Bogus sites

Suspicious Katrina help sites are commonplace, say law-enforcement officials. The Federal Trade Commission warns that con artists are taking advantage of the disaster to rip off people who want to help victims of the hurricane.

The FBI says 60% of the 2000 sites it has reviewed that claim to offer aid to Katrina victims are registered to people outside the U.S. In a statement, the agency warns these sites are likely to be fraudulent.

More than 2500 storm-related sites have been registered since August, including 450 domains with the word Katrina in them, according to the SANS Institute's Internet Storm Center. The majority of those sites are still "under construction," says the ISC.

'News' leading to Trojan horses

There have increasingly been reports of hackers pasting news about the hurricane into e-mails with "read more" links. Those who click on the links are unwittingly taken to Web sites that secretly install Trojan horse software that gives hackers control over their computer.

For example, experts at both OnlyMyEmail and F-Secure report that they've seen e-mail containing news stories about the Katrina disaster efforts, with a link to "read more" that sends readers to a site that uses a browser security exploit to install the malicious Phel program.

For more PC news, visit PC World. Story copyright PC World Communications, Inc.