The urge to help — and to give money — is powerful following a devastating event like Haiti's earthquake, and one of the easiest ways to do it is online. It's also one of the easiest ways to get scammed if you're not sure what you're doing or who you're dealing with.
The FBI, Better Business Bureau and software security companies Wednesday all warned Internet users to exercise caution before opening their wallets to organizations claiming to be charities that will send financial assistance to Haiti.
"Apply a critical eye," said the FBI in a statement, and do "due diligence before responding to those requests."
Security software company Symantec says it typically starts seeing spam and phishing e-mails seeking money, "donations" or access to bank accounts about 24 to 48 hours after after news of a major tragedy such as Haiti's.
And it's not just e-mails that need to be closely monitored. It's social networking sites like Twitter and Facebook, as well as fake Web that sites can pop up as fast as the news itself. There's also the problem of "search engine poisoning," which "we're seeing limited examples of already" in the quake's aftermath, said Joris Evers of McAfee security software.
Search engine poisoning is done by criminals who use software tools to manipulate, or poison, search engine rankings of sites, so that users are steered to certain malicious Web sites.
"Some search terms related to Haiti are turning up dangerous Web pages that may attempt to steal personal information or install malicious code on your PC," said Evers.
"We have also seen a few spam campaigns that mention the disaster in Haiti and we expect to see more scams that will use the event to trick people into giving up money."
Evers said McAfee recommends that those who want to make charitable donations online "go directly to the Web site of a trusted charity and do not follow links in e-mail, even if they seem reputable e-mails."
Said the Better Business Bureau: "Be cautious about online giving, especially in response to spam messages and e-mails that claim to link to a relief organization. In response to the (Indian Ocean) tsunami disaster in 2004, there were concerns raised about many Web sites and new organizations that were created overnight allegedly to help victims."
Those who do receive e-mails soliciting money for Haiti and seeking personal or financial information, are advised to notify the FBI via its Internet Crime Complaint Center Web site.
Included in the FBI's advice:
- Do not respond to any unsolicited (spam) incoming e-mails, including clicking links contained within those messages. Typically, Symantec says, the sender’s e-mail address is forged, and replying may only result in more spam.
- Be skeptical of individuals representing themselves as surviving victims or officials asking for donations via e-mail or social networking sites.
- Be cautious of e-mails that claim to show pictures of the disaster areas in attached files because the files may contain viruses and could infect your computer. Only open attachments from known senders.
- Make contributions directly to known organizations rather than relying on others to make the donation on your behalf to ensure contributions are received and used for intended purposes.
- Do not give your personal or financial information to anyone who solicits contributions: Providing such information may compromise your identity and make you vulnerable to identity theft.
Symantec also suggests that users:
• Avoid clicking on suspicious links in e-mail or instant messages as these may be links to spoofed, or fake, Web sites. "We suggest typing Web addresses, such as those from a charitable organization, directly into the (Web) browser rather than relying upon links within your messages.
• Never fill out forms in messages that ask for personal or financial information or passwords. A reputable charitable organization is unlikely to ask for your personal details via e-mail. When in doubt, contact the organization in question via an independent, trusted mechanism, such as a verified telephone number, or a known Internet address that you type into a new browser window (do not click or cut and paste from a link in the message).
Up-to-date Web browser
It's also important to make sure whatever Web browser you use is the most recent version available to combat phishing Web sites, those that attempt to steal your personal information.
Among the newer browser versions are Firefox 3.0.10 and Internet Explorer 8 for PC users, or Safari 4 for Mac users.
From within the confines of Facebook, a social networking site with more than 350 million members worldwide, Facebook advises users, in general, to "be cautious of any message, post or link you find on Facebook that looks suspicious or requires an additional login."
Users also should make sure they're logging in from a "legitimate Facebook page with the facebook.com domain."
“Whenever there is a major natural disaster, be it home or abroad, there are two things you can count on," said Art Taylor, BBB president in a press release. "The first is the generosity of Americans to donate time and money to help victims, and the second is the appearance of poorly run and in some cases fraudulent charities.
"Not only do Americans need to be concerned about avoiding fraud, they also need to make sure their money goes to competent relief organizations that are equipped and experienced to handle the unique challenges of providing assistance."
Msnbc.com writer Helen A.S. Popkin also contributed to this report.