Man Admits to Tsunami Phishing Scam

A Pennsylvanian man admits to sending more than 800,000 e-mails purporting to be from a charity appealing for funds for victims of the Asian tsunami.

A Pennsylvanian man has admitted sending more than 800,000 e-mails purporting to be from a charity appealing for funds for victims of the Asian tsunami—funds that would instead have ended up in his PayPal account.

According to court documents, Matthew Schmeider, a 24-year old unemployed painter from Pittsburgh, admitted sending the e-mails that claimed to be from international aid group Mercy Corps. Schmeider claimed he intended to use the money to pay off debts and repair a car, but would have passed some of the money on to legitimate charities. However, when arrested, his PayPal account contained only $150 in donations.

/zimages/6/28571.gifClick here to read why David Coursey is saying tsunami warning systems need major work.

Schmeider, the first American to be arrested in connection with a tsunami scam, was charged with fraud and released on bail of $25,000. He is due back in court for a preliminary hearing next week.

One of the worst natural disasters of the past 100 years, the tsunami has spawned a commensurately large number of e-mail scams, with e-mail specialist MessageLabs estimating that there are currently more than 100 such scams in circulation. The scams range from those, like Schmeiders, that purport to be from aid agencies seeking donations to variants of the infamous "Nigerian 419" e-mail, claiming to be from a survivor seeking to move money out of the region.

According to anti-virus company Sophos, the tsunami has also attracted the attention of virus writers, with a mass-mailing worm—dubbed W32/VBSun—sent out claiming to be information about donating to the relief effort.

Graham Cluley, senior technology consultant at Sophos, described the worm as "a new low."

"This gruesome insensitivity is a despicable ploy to get curious computer users to run malicious code on their computers," he said. "Everyone should be wary of unsolicited e-mail attachments and visit the established charity Web sites instead if they wish to assist those suffering as a result of the disaster."

Another worm, VBS/Geven-B, attempted to spread a message, calling the tsunami "Gods avenge" [sic] on its victims.

/zimages/6/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.