Beware of Scams Related to the Boston Marathon Tragedy

Dawn Irish
Thursday, April 18, 2013 - 3:30pm

FROM US-CERT (United States Computer Emergency Readiness Team)

“Malicious actors are exploiting the April 15 explosions at the Boston Marathon in attempts to collect money intended for charities and to spread malicious code. Fake websites and social networking accounts have been set up to take advantage of those interested in learning more details about the explosions or looking to contribute to fundraising efforts.              

For example, the Twitter account @_BostonMarathon was created shortly after the explosions took place. The account stated it would donate $1 for each retweet and was crafted to closely resemble the legitimate Boston Marathon Twitter account (@BostonMarathon). This account has since been suspended by Twitter; however, the likelihood that similar social media accounts will surface remains high.

Phishing email campaigns are also circulating using subject lines related to the Boston Marathon explosions. Do not open unexpected attachments or click on links in suspicious emails, even if the email appears to be from someone you know.

US-CERT recommends that all persons interested in donating funds should go directly to established charities. Exercise caution when interacting with social media accounts that claim to represent the best interests of those involved in the incident, and directly visit established news sources rather than conducting general search engine queries, as it can be difficult to tell which search results may lead to scam sites.”

  • Be cautious of emails/websites that claim to provide information about the Boston Marathon tragedy, as they may contain viruses.
  • Do not open unsolicited emails, or click on the links/attachments contained in those messages.
  • Never reveal personal or financial information in email.
  • Do not go to websites that you are unfamiliar with to view video or images of the event or information regarding progress in the efforts to apprehend suspects.
  • Never send sensitive information over the Internet before checking a website's security and confirming its legitimacy. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .org)

Official website of the department of Homeland Security:  http://www.us-cert.gov/ncas/current-activity/2013/04/17/Scams-Exploiting-Boston-Marathon-Explosion