As Americans mark the 10th anniversary of Sept. 11, security officials are trying to head off a different type of attack — a surge of scams tied to mass remembrance of the tragic day.
Watch out for online links that attempt to steal your personal financial information by making false promises of enticing video, photographs and news related to 9/11 if you click on a link.
If past patterns play out again, the come-ons will be in online ads, social network postings and emails. Email subject lines may contain "anything and everything related to the attacks," according to the blog of Ondrej Krehel, chief information security officer for the security firm Identity Theft 911. "That includes bin Laden footage, 'secret' videos, conspiracy theories."
At best, the links will lead you to ads for shady products. But the Department of Homeland Security warns that poisoned attachments on these emails could contain secret software that logs each keystroke you make and sends the data to hackers who extract your sign-ins and passwords from it. The attachments might also contain "malware" that gives crooks remote access to your computer.
Officials at Homeland Security's cyber-security center have issued a warning to federal, state and local officials, as well as private-sector computer network administrators.
"Malicious cyber-actors commonly seek to leverage high-profile news events by posing as a trustworthy source and enticing users to open links or files," DHS spokesman Chris Ortman told the Bulletin.
"For example, a phishing scam may send an email that looks like it's from a reputable news organization with links to photos or video when, in fact, it takes you to a malicious website or downloads harmful viruses onto your computer."
Ortman would not comment on whether the warning is a proactive measure or signals there is specific intelligence that cyber-attacks are planned. But keep in mind that after the May 2 shooting of Osama bin Laden, scammers almost immediately sent out a flood of email keyed to the event. Many included links claiming to show "exclusive" or "unseen" pictures and video of the raid by Navy SEALs.
In addition to these scams, beware of charity cons tied to the anniversary. They could also come via email or by telephone and door-to-door solicitations.
"9/11's ten-year anniversary is sure to evoke emotions, memories and, of course, philanthropy," says Dale Mingilton of the Better Business Bureau in a press release. "It could also, unfortunately, serve as a platform for scammers and those who conduct irresponsible fundraising."
Last week, an Associated Press investigation found that some nonprofit groups that were started after the attacks never delivered on their promises. For instance, one charity raised more than $700,000 for a giant memorial quilt but never produced a quilt. Another raised more than $4 million supposedly to help victims, but couldn't account for how it spent that money.
And in January, Sen. Charles Schumer (D-N.Y.) and Rep. Jerrold Nadler (D-N.Y.) took aim at 10th-anniversary coins being sold for $29.95 apiece by National Collector's Mint, a private company.
"Profiteering off of a national tragedy will not be tolerated," the two lawmakers said in a statement. The company, which has said it contributes part of the proceeds to charity, no longer offers the coins on its website.
Your defense for a safer 9/11 remembrance:
- For online videos related to the anniversary, rely on websites run by TV networks and other reputable news organizations.
- Don't click on links in emails or advertisements related to 9/11 — even if the emails appear to come from friends. These messages might actually be spam sent by cybercrooks who've hijacked your friends' online address books and turned their computers into remotely directed "botnets."
- Suspect a hacker attack if your computer prompts you to download a plug-in or other software to view a photo or video. If your computer is less than 10 years old, odds are that you already have everything you need to see multimedia content, says Krehel.
- Set your privacy settings as tight as possible on Facebook and other social networks so you are the only person who can post content to your page.
- Make sure your computer is up-to-date with the latest security patches. With Windows, run a Windows Update. With a Mac, run a Software Update. As always, run scans with your antivirus software several times a week.
- Before donating to any 9/11 (or other) charity, check that the charity is legitimate; here's how.
Also of interest: Ways to volunteer, make a difference. >>
Sid Kirchheimer is the author of Scam-Proof Your Life, published by AARP Books/Sterling.