As much as consumers look forward to Christmas every year, retailers salivate at the boost in revenue and its positive impact on earnings. No one enjoys the holidays more than criminals however, from petty scammers to organized crime groups whose tens, perhaps hundreds of millions of dollars in revenue make up for months of preparation. This year’s windfall stands to be supplemented by an unexpected bonus on account of the Haiti disaster. 

There is no shortage to the amount of compassion that such a disaster can bring out in people and the Internet is a great place to reach many, many people. With dozens, perhaps hundreds of individual charities and independent efforts to help Haitian victims, it can be difficult to tell legitimate groups from opportunistic fraudsters.

There is virtually no limit to what these groups can do online. Things to watch out for are:

  1. traditional phishing emails disguised as urgent requests for contributions
  2. pleas for help on social networks
  3. chain emails from people you trust
  4. donation Web sites that look legitimate but will disappear without a trace within 48 hours 

While it is obvious that exercising caution, skepticism and common sense along with a good amount of due diligence will keep most of these types of fraud at bay, Haiti’s situation has something that boosts the success rate for criminals of this type: urgency. 

It is the urgent pleas for assistance, the imagery and the high death tolls that essentially demand more than compassion. They demand money now. Don’t worry about the fact that you’ve never heard of this group. People are dying! And do out the window goes the due diligence. It is in this kind of situation that normally rational people with common sense often find that they fall victim to urgent demands for help, almost out of guilt for even questioning the motives of the charity in question. No advanced hacking techniques required, no zero-day exploits or gun-point attacks: as human beings, the most vulnerable element of the equation is not the computer or the lock on the door, our flaw as human beings may simply be having a heart. 

About the author:
Claudiu Popa, CISSP, PMP, CISA, CIPP, CRMP is an information security consultant and CEO of Informatica Corporation ( Claudiu helps enterprises to understand and mitigate security risks, anticipate and respond to threats, and implement proper security governance. He is the author of the Canadian Privacy and Data Security Toolkit for SME, published by the CICA. Write to simply contribute your comments to this blog. Follow him on or connect with him on