Opinion: Katrina scams proliferate

Hurricane Katrina is still wreaking havoc online weeks after its initial punch. Katrina scams are showing up in inboxes and on Web sites, preying on the good-willed, the vulnerable, and even sometimes the greedy.

Scams include identity theft, Trojan horses, bogus investments, and credit-card fraud. Some experts warn of upcoming ripoffs like thousands of severely water-damaged (and smelly) cars from Louisiana being hawked online as in good condition.

Phishing scams

The most popular scam seems to be a ploy to get you to divulge your credit-card number or PayPal account information. Many phishing scams in which people receive e-mails that link to Web sites that look similar to legitimate charity sites have been reported.

Missouri and Florida took action earlier this month to shut down Web sites with names such as katrinahelp.com and katrinafamilies.com. On September 2, Florida Attorney General Charlie Crist filed a civil lawsuit in Nassau County, Florida Circuit Court against Robert Moneyhan, the Webmaster for katrinahelp.com, katrinadonations.com, katrinarelieffund.com, and katrinarelief.com. Moneyhan allegedly used these sites to direct donations to his private PayPal account.

Bogus sites

Suspicious Katrina help sites are commonplace, say law-enforcement officials. The Federal Trade Commission warns that con artists are taking advantage of the disaster to rip off people who want to help victims of the hurricane.

The FBI says 60% of the 2000 sites it has reviewed that claim to offer aid to Katrina victims are registered to people outside the U.S. In a statement, the agency warns these sites are likely to be fraudulent.

More than 2500 storm-related sites have been registered since August, including 450 domains with the word Katrina in them, according to the SANS Institute's Internet Storm Center. The majority of those sites are still "under construction," says the ISC.

'News' leading to Trojan horses

There have increasingly been reports of hackers pasting news about the hurricane into e-mails with "read more" links. Those who click on the links are unwittingly taken to Web sites that secretly install Trojan horse software that gives hackers control over their computer.

For example, experts at both OnlyMyEmail and F-Secure report that they've seen e-mail containing news stories about the Katrina disaster efforts, with a link to "read more" that sends readers to a site that uses a browser security exploit to install the malicious Phel program.

Illegitimate investments

Some con artists are trying to persuade people to invest in post-Katrina stock scams. The Federal Security and Exchange Commission recently issued a warning about investment scams tied to speculation about spiking energy prices. One spam message referred to "a spate of refinery glitches and an unusually active hurricane season" and claims investors could more than double their money in just days on certain penny stocks.

NASD, a private-sector provider of financial regulatory services, says it's aware of investment scams associated with the clean-up or rebuilding of devastated areas. The group recently issued an alert warning investors to beware of scams promoted through faxes and e-mail. One example includes a fax claiming that Katrina would mean a "massive run up" in an unnamed company's stock "as demand to repair homes skyrockets." The fax states, "Any company that gets a tiny slice--even one percent--of this business could add a minimum of $260 million to its bottom line." It urges investors to act quickly and buy the company's "undervalued" stock.

For more PC news, visit PC World. Story copyright PC World Communications, Inc.