Depravity knows no bounds. Millions of donors had contributed more than $600 million by Sept. 16 to help the victims of Hurricane Katrina, according to news wire reports; however, the FBI also reported that thousands of Web sites have appeared soliciting money for disaster relief, and many of them are fraudulent.

A Sept. 13 article from the Associated Press published in the Washington Post reported that “The FBI [had] so far reviewed 2,100 sites, of which 60% are foreign and thus more likely to be bogus, said FBI assistant director Chris Swecker.”

Even the Federal Emergency Management Agency may have been scammed; the official Web site listed Pat Robertson’s “Operation Blessing” as the second of three recommended charities, yet this charity has a questionable record in allocation of funds, including allegedly taking $400,000 of money originally donated for relief during Rwandan genocide in the mid-1990s and diverting it to send mining equipment to a diamond operation in Zaire in which Robertson was the principal shareholder. Robertson is reported to have refunded that money and then escaped prosecution through political connections.

Some identity thieves have apparently been making donations from their victims’ credit cards. Brian Krebs of the Washington Post wrote in his blog on Sept. 12 that he saw traffic on a chat channel clearly indicating that criminals were doing so (“Scammers ‘donate’ to Katrina Relief Effort”). Krebs immediately forwarded the details of the fraudulent credit card use to the Red Cross and also called two victims to alert them personally of the fraud in the hope that they could cancel those donations. These people confirmed that their cards had been misused.

A Sept. 12 posting on a blog run by Gene Becker, an interesting musician who works for HP Labs, reported on the misuse in a phishing scam of what appears to be a copy of an e-mail appeal from the Republican National Committee; the original (legitimate) links to the American Red Cross Web site were replaced by pointers “to an oddly wholesome looking [Asian Web site] with the title ‘God's Family.’”

Network and security administrators would do well to remind all their users to be on guard about sending money to crooks, especially when everyone's thoughts and prayers are going out to the victims of this recent appalling disaster.

M. E. Kabay, PhD, CISSP-ISSMP, is Program Director of the Master of Science in Information Assurance program at Norwich University.