Security advisors such as the United States Computer Readiness Team (US-CERT) and the SANS Institute are warning people to watch out for online scams related to the Japanese earthquake and tsunami relief effort.
US-CERT encourages users to take the following measures to protect themselves:
- Do not follow unsolicited web links or attachments in email messages
- Maintain up-to-date antivirus software
- Review the Recognizing Fake Antivirus document for additional information on recognizing fake antivirus
- Refer to the Avoiding Social Engineering and Phishing Attacks document for additional information on social engineering attacks
- Refer to the Recognizing and Avoiding Email Scams document for additional information on avoiding email scams
- Review the Federal Trade Commission’s Charity Checklist
- Verify the legitimacy of the email by contacting the organization directly through trusted contact information, which can be found on the Better Business Bureau National Charity Report Index
More simply, do not respond to email solicitations, but donate directly to reputable organizations such as Doctors Without Borders, the Humanitarian Coalition and the Red Cross. Also ensure that the donation form is secured with an SSL certificate.
For charitable organization website operators, please consider using an Extended Validation (EV) SSL certificate. In addition to enabling encryption security, the EV SSL certificate positively identifies the owner of the website that is requesting the donation. EV SSL certificates were developed by the CA/Browser Forum and are supported by most major browsers and certification authorities (CA).