CastleCops, Internet Crime Fighters

Amazon.com and American Red Cross Phishing Emails


By Robin Laudanski
September 7, 2005


Now is the time, if there ever was one, to double-check before you send your money to anyone, including what you think is a reputable company. Please do not respond to emails which are soliciting funds for the Katrina relief effort. The potential is too great for the emails to be fraudulent. Just as PayPal, eBay, the FDIC, and many major banks are routinely targeted as a means to defraud everyday people of their money, the American Red Cross and Amazon.com are now being used in the same fashion. Again, this is the beginning; as the relief effort continues there will be more and more attempts.

The following is the header information from an email received earlier today which appeared on the surface as legitimate.

Return-Path:
Received: from pacificworld.com ([203.127.222.130])
    by bugsbunny.castlecops.com (8.13.4/8.13.4) with ESMTP id j876Fitj024855
    for ; Wed, 7 Sep 2005 02:15:47 -0400
Received: from localhost (localhost [127.0.0.1])
    by pacificworld.com (Postfix) with ESMTP id AEEEB293F17
    for ; Wed, 7 Sep 2005 14:15:43 +0800 (SGT)
Received: from pacificworld.com ([127.0.0.1])
    by localhost (travel.pacificworld.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id 14829-07 for ;
    Wed, 7 Sep 2005 14:15:43 +0800 (SGT)
Received: by pacificworld.com (Postfix, from userid 2191)
    id 1FD1721AB2A; Wed, 7 Sep 2005 09:55:57 +0800 (SGT)
To: email address removed
Subject: Amazon.com & American Red Cross Hurricane Katrina Relief
From: "Amazon.com"
Message-Id: <20050907015557.1FD1721AB2A@pacificworld.com>
Date: Wed, 7 Sep 2005 09:55:57 +0800 (SGT)
X-Virus-Scanned: by amavisd-new at pacificworld.com
X-NOD32Result: clean
X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on bugsbunny.castlecops.com
X-Spam-Level:
X-Spam-Status: No, score=0.3 required=5.2 tests=AWL,BAYES_40,HTML_MESSAGE,
    HTML_TAG_EXIST_TBODY,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,
    NORMAL_HTTP_TO_IP,RCVD_IN_BL_SPAMCOP_NET autolearn=no version=3.0.4
X-Spam-DCCB: dcc.uncw.edu
X-Spam-DCCR: bugsbunny.castlecops.com 1201; Body=4 Fuz1=4 Fuz2=4
Status:
X-Antivirus: AVG for E-mail 7.0.344 [267.10.19]
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=======AVGMAIL-431EF25D6592======="

The email was intended to appear to have been sent from Amazon.com. Obviously, looking at the headers, we know this is false, unless of course Amazon suddenly decided to stop using their own servers and switch over to pacificworld.com.
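
The same header check can be automated. The following is an added example, not part of the original article: it parses an abridged copy of the headers above and compares the brand named in From with the host that handed the message to the receiving server and with the Message-Id domain. The function names and the choice of `bugsbunny.castlecops.com` as the trusted receiving server are assumptions made for the illustration.

```python
import re
from email import message_from_string

# Headers abridged from the message on this page; the envelope addresses
# were already stripped there and are not restored.
SAMPLE = (
    "Received: from pacificworld.com ([203.127.222.130])\n"
    "\tby bugsbunny.castlecops.com (8.13.4/8.13.4) with ESMTP id j876Fitj024855;\n"
    "\tWed, 7 Sep 2005 02:15:47 -0400\n"
    "Received: by pacificworld.com (Postfix, from userid 2191)\n"
    "\tid 1FD1721AB2A; Wed, 7 Sep 2005 09:55:57 +0800 (SGT)\n"
    'From: "Amazon.com"\n'
    "Message-Id: <20050907015557.1FD1721AB2A@pacificworld.com>\n"
    "\n"
)

# "from <name> (... [ip]) by <server>" as written in the first Received line.
HANDOFF = re.compile(r"from\s+(\S+)\s+\(.*?\[([0-9.]+)\]\)\s+by\s+(\S+)", re.S)

def handoff(msg, our_mx):
    """Return (name, ip) from the Received line stamped by our own server.
    Only that line is trustworthy; lines below it were written by the
    sending side. The name was supplied by the client, the IP was observed."""
    for rcvd in msg.get_all("Received", []):
        m = HANDOFF.search(rcvd)
        if m and m.group(3).lower() == our_mx:
            return m.group(1).lower(), m.group(2)
    return None

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def check_brand(raw, brand_domain, our_mx):
    """List the mismatches between the brand shown in From and the relay data."""
    msg = message_from_string(raw)
    if brand_domain not in msg.get("From", "").lower():
        return []  # the message does not claim to be from this brand
    findings = []
    hop = handoff(msg, our_mx)
    if hop and not in_domain(hop[0], brand_domain):
        findings.append(f"handed off by {hop[0]} [{hop[1]}], not {brand_domain}")
    mid = re.search(r"@([^>\s]+)>", msg.get("Message-Id", ""))
    if mid and not in_domain(mid.group(1).lower(), brand_domain):
        findings.append(f"Message-Id minted at {mid.group(1).lower()}")
    return findings

if __name__ == "__main__":
    for finding in check_brand(SAMPLE, "amazon.com", "bugsbunny.castlecops.com"):
        print(finding)
```

A mismatch is a triage signal rather than proof, since legitimate companies also send mail through third-party services.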

The point I'm trying to make here is: don't let your eyes deceive you. The email comes in and it appears to be legit because it has logos and images that should all be associated with the company. Here is the problem: the images and links in the email and the associated forged website are being pulled directly from the legitimate one.

The following is the actual email:





Online Donation for Victims of Hurricane Katrina


  Amazon.com Online Donation

All of us at Amazon.com are deeply saddened by the loss and devastation resulting from Hurricane Katrina. By making a financial contribution to support Hurricane Katrina relief efforts, the Red Cross can provide shelter, food, counseling and other assistance to those who need help.



Victims of Hurricane Katrina are attempting to recover from the massive storm. American Red Cross volunteers have been deployed to the hardest hit areas of Katrina's destruction, supplying hundreds of thousands of victims left homeless with critical necessities. By making a financial donation to support hurricane relief efforts, the Red Cross can provide shelter, food, counseling and other assistance to those affected by Hurricane Katrina. Privacy Notice: If your donation is $250 or more, Amazon.com will provide your name, credit card billing address, and donation amount to the American Red Cross, and the American Red Cross will provide you with a receipt for your donation. Other than this, Amazon.com will not share information about you with the American Red Cross. Amazon.com has waived all customary Honor System fees associated with your contributions to the Red Cross.

Click here to make a financial contribution




We are grateful for the continued generosity of Amazon.com customers at this time of great need. Thank you in advance for your support.

Sincerely,
Amazon.com Customer Services


 

On the surface it looks legit. The website the donate link points to is absolutely forged but it is good enough to pass on first glance. The forged site has been reported to the proper authorities.

This is a great example of why not to click on a link in an email. If you want to give money or other donations to the Red Cross, Salvation Army or other charity, please go directly to their official site. Do not assume that because a request came in email it is legit, even if it looks like it is. Copying the exact appearance of a webpage isn't a difficult task, and it doesn't take a long time to set up. Once it is set up, all that remains is for the bait (the email above) to do its work.

I know some people reading this might be thinking 'surely people aren't still being taken in like this', but that is the point. They are being taken in, they are being victimized, they are being stolen from. It is our responsibility to help educate people. These kinds of emails and faked webpages will continue to exist as long as people continue to be taken advantage of. The criminals don't care how old you are, or what income bracket you are in, or if you are sick in your body, or anything else about you. What they care about is the fact that they can make a living off of stealing from you. Please, if you get emails like this or find fake sites, report them to the FBI and let the authorities do what they can to take back the internet. Make a report to the FBI directly or go to http://fbi.gov and click on the "submit a tip" link.
Posted on Wednesday, 07 September 2005 @ 13:29:46 UTC by Robin (2445 reads)

Re: Amazon.com and American Red Cross Phishing Emails (Score: 1)
by Robin  on Wednesday, 07 September 2005 @ 13:42:32 UTC
Sorry about the formatting of the page. It is slightly munged because of the reproduction of the email