Scammers Seek Support for Serrana Flood Victims

In January 2011, floods caused severe calamity in several towns in the mountainous region of Brazil known as the Serrana region, in the state of Rio de Janeiro. Scammers, as usual, are on their toes to take advantage of the opportunity to send scam messages that request fake donations.

Scammers utilized a domain name to carry out the phishing scam. The domain name consisted of words in Brazilian Portuguese which translate to “donations for the tragedy in Friburgo”; Friburgo is a municipality located in the affected region. The Top Level Domain (TLD) of the domain name was Brazil. Though the TLD was of Brazil, the domain name was located on servers based in Dallas, USA. The content of the phishing Web page was in Brazilian Portuguese and translates to:

 “The images show districts affected by the tragedy. The number of cities that reported casualties has risen to five, after heavy rains in the Serrana region caused devastating floods. The municipalities and fire department have confirmed a total of 600 deaths. Rio De Janeiro is in need of your help. We donate food and water to those people who have lost their homes. Please help by donating a little money. You may pay with your credit card or directly from your bank account. On behalf of all the homeless, we are grateful for your help.”  

Below the message were logos of popular banks and credit card services of Brazil. There were a set of hyperlinks below the logos that prompted end users to pay their donations by clicking on the link. Each hyperlink was for a specific amount of donation in dollars. The amounts specified were $5, $10, $15, $30, and $50. Upon clicking the links, end users were redirected to a phishing site that spoofed the corresponding brand. At the bottom of the page, a message stated that end users may also pay donations in other amounts by contacting a particular email address of the same domain name. The phishing sites of the brands asked for the user’s login credentials. Upon entering the login credentials, the phishing site redirected to the legitimate Web site.

In this way, scammers were targeting several brands by means of a single phishing scam. If end users fell victim to the phishing site, scammers will have succeeded in stealing their credentials for financial gain.

Internet users are advised to follow best practices to avoid phishing attacks, such as:

·         Do not click on suspicious links in email messages.    

·         Avoid giving any personal information when answering an email.

·         Never enter personal information in a pop-up screen.

·         Frequently update your security software, such as Norton Internet Security 2011, which protects you from online phishing.


Thank you to the co-author of this blog, Ravish Bagul.