Fraudsters don’t necessarily have to rely on malware to steal money from unsuspecting internauts. They can simply ask them to make a donation to the American Red Cross.
Researchers from Barracuda Labs have identified a fake email that’s purporting to originate from the American Red Cross. However, the email address the notification originates from isn’t hosted on redcross.org
, but redcros.org,
a domain which has nothing to do with the organization.
“A hot meal delivered to victims after a disaster, blood when it is needed the most, shelter when there is nowhere else to turn, an emergency message delivered to a member of the Armed Forces from their family. These are just some of the ways that gifts are put to work through the American Red Cross,” reads the email.
The donation link from the message doesn’t point to a fake PayPal site as in many similar cases. Instead, it points to the genuine website where the user can transfer money into the con artist’s account.
However, the individual the victim makes the donation to, Thomas March, doesn’t seem to have anything to do with the Red Cross.
Furthermore, the Red Cross doesn’t send out emails to random individuals asking for donations. Those who want to help can visit the official website and use their secure forms to make charity payments.
“Never follow links in email. The risk that the link is spoofed is just too great. If there is an organization whose web page you want to visit to do business with, or make a donation, manually enter the domain name in your browser,” Barracuda Labs researchers explain
“Because of fraud, spam, and examples like this one, most large web sites will not include links in their emails.”