Virginia Tech massacre may spawn phishing scams

Information security experts warned users today to be on the lookout for legitimate-looking websites exploiting Monday's massacre at Virginia Tech.

The SANS Internet Storm Center reported on Tuesday that at least 28 domain names have been registered that relate to the shootings, including www.vatechshooting.com and www.hokiemassacre.com.

SANS handler George Bakos said many of the sites have yet to contain content, and they may be used for a positive purpose, such as fund-raising. Still, users should be wary of receiving emails that direct them to these newly created sites.

"While some of these are undoubtedly well-intentioned organisations joining in the outpouring of support for the friends and family of the victims, others are likely to be opportunists who want to cash in on the suffering of others," Bakos said. "Be on the lookout for a rash of spam and phishing coming from these leeches."

Cho Seung-Hui, a Virginia Tech student, shot and killed more than 30 of his classmates on Monday morning in what is believed to be the most deadly peacetime shooting in US history. He killed himself before police could get to him.

Ben Butler, director of the abuse department at leading domain registrar Go Daddy, told SCMagazine.com today that the company is actively monitoring domain names that are using terms and phrases related to the massacre.

So far, Butler said, Go Daddy is monitoring quite a few sites with URLs related to the shootings.

"It's constantly growing at this point," he said. "In the post-Hurricane Katrina situation, we had several hundred. This one isn't quite that bad yet, but you never know. We try to maintain our objectivity. We have to see the actual malicious intent before taking them down."

Todd Beardsley, lead counter-fraud engineer at TippingPoint, told SCMagazine.com today that people often try to capitalise on heavily reported stories.

"This does happen basically any time anything interesting happens, good or bad," he said. "We saw it first on a large-scale basis with the Asian tsunami. A lot of people will think, 'Oh, they've gone to register their domain. They must be legitimate.'"

Bakos said users should vet organisations asking for cash donations and other personal information.

"With any luck, these have been scooped up by cybersquatters who will be left holding the bag when nobody is heartless enough to use the domains for unscrupulous purposes," he said.

Earlier this week, US-CERT said scammers may spam users with phishing emails that contain links to a site "that appears to be a legitimate charity."

Users are encouraged to only follow trusted links, contact their bank whenever they think their information may have been compromised and call questionable organisations directly to verify their legitimacy.

Sign up to our newsletters