Tsunami Warning

Days after Haiti’s catastrophic earthquake this January, “fan pages” purporting to aid fundraising for emergency relief popped up all over Facebook. The pages said they would donate $1 for each person who joined, a seemingly ingenious harnessing of Facebook activism to altruistic ends. The problem? The pages were fakes, and Facebook acted quickly to shut down the pages and quash another rumor that Facebook would also donate a dollar for status updates that mentioned Haiti relief efforts.

Bob Sullivan at MSNBC’s Red Tape Chronicles blog summed up the danger of the fake fan pages, saying that while simply signing up for the pages may seem safe enough,

a spammer or hacker could harness a large fan group to commit other scams. Fan page administrators are able to contact each fan through status updates, providing a perfect platform for phishing or virus attacks.

So much for safety in numbers.

And then this weekend, only hours after one of the strongest earthquakes in recorded history hit Chile, phishers and spammers began taking advantage of the chaos and lack of information coming out of the region by using the twitter hashtag #hitsunami to spread viruses and malware. Some tweets that seemed to be about the earthquake-generated tsunami headed for Hawaii reportedly hid malicious links, and users who clicked through were in danger of downloading viruses or spyware. The restricted character count of status updates and tweets makes it much easier to hide viral links in the characteristic shortened urls and harder to tell what’s a breaking story and what’s an identity-stealing scam. While social media networks have definitely helped to get the word out about legitimate and even innovative fundraising efforts over the past couple of months – such as donating via text message – it seems as though each time the sites wise up to these threats, a new wave of scams outpaces their best efforts.