NameProtect roots out fake tsunami-related donation sites

Madison, Wis. — At least 170 potentially fraudulent Web sites soliciting donations supposedly for victims of the Indian Ocean tsunami have turned up in a search conducted by NameProtect, a Madison-based brand protection company, and MasterCard International.

The two companies paired up in June 2004 in order to pinpoint and suspend the activity of Web sites and e-mail distributions created for fraudulent online activities such as identity theft. Their partnership Stop Identity Theft, or StopIT, was already firmly in place when the wave of false tsunami-relief sites cropped up.

NameProtect’s analysts and technology look for misused logos and images, especially on newly registered domains. Under the StopIT program, if NameProtect found any site that was fraudulently claiming to be associated with MasterCard or any of its member banks, the company would report this instance to MasterCard, which would investigate the site further and turn it into law enforcement officials if the site was likely a sham.

One technique the companies look for is “phishing,” the use of fraudulent e-mails that ask people to log into cleverly faked sites and give their personal information. Such scams can be avoided by typing in URLs of legitimate agencies directly, instead of clicking on links in e-mails, but phishing still tricks many e-mail users.

The FBI stepped in after the tsunami hit and asked NameProtect to extend its protection program from finding Web sites that impersonate MasterCard affiliates to finding those that impersonate charities. “This is very similar to most phishing, it’s just using the tsunami tragedy to steal money from people,” said Mark McLane, CEO of NameProtect. “It’s directly analogous to what we were already were doing, so it was easy for us to go out and find bad actors and report them to the FBI.”

As of late last week, using NameProtect’s fraud detection technology and systems, the companies have found 170 potentially fraudulent tsunami relief phishing sites, which law enforcement agencies are now investigating. The Web site and e-mail hoaxes have come from locations around the world, and have law enforcement agencies from around the world working to eradicate the problem.

The FBI has arrested one a tsunami-relief scammer. Matthew Schmeider, a 24 year old Pittsburgh, PA resident, is accused of sending more than 800,000 e-mails soliciting donations to Mercy Corps, using its logo. Mercy Corps contacted the FBI after receiving a number of complaints.

FBI spokesperson Bill Carter said on Monday he was unaware of any other arrests so far.

“We characterize these things as the red-light district on the Internet,” McLane said. “We use an effort to use a combination of technology and people to find the people who are doing these things, whether it’s about [the] tsunami or another type of bad-actor activity, and report them to the FBI.”

Generally, phishing e-mails lead to a “landing site” on the Web rather than collecting information directly. NameProtect works to find those sites.

“Even if you might be tricked, the law enforcement is shutting down the landing sites where people collect the money,”? McLane said.