More fake earthquake charities

After our last report of phishing apparently exploiting the tragedy of the earthquake and tsunami here in Japan, we have another example today:


This is quite a well-designed site. Notably, this one uses the logo of the Red Cross. It's registered to an individual with a European-sounding name, Japanese street address and Gmail account.  This one even ups the ante by posting photos and news gathered from other sites:


One of several suspicious elements: the Paypal link from this English-language site goes to the German-language version of Paypal.

The Japanese Red Cross Society have confirmed that they are not affiliated with this site.

So, how do we know which sites to trust? This site has a Red Cross logo, doesn't it?  Here's one tip: you can look at a site's domain name registration information using sites like Whois Source.

For instance, if you search for JPCERT's domain name,, you can see it was registered in 1996: by internet standards, a long time ago. However, a fraudster usually registers a phishing site not long before they plan to use it. In this case, the domain name was registered on 12 March 2011, under a week ago.

That alone doesn't tell you the site is malicious, but it's certainly one potential indicator.  To verify a site more completely, you can contact the charity via alternate means, using contact details you find independently (i.e. not listed on the questionable web site), and ask them if they're behind it.

Better yet, don't follow links emailed or posted, and instead use web sites belonging to established, known charities.