惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Google DeepMind News
Google DeepMind News
TaoSecurity Blog
TaoSecurity Blog
T
Threat Research - Cisco Blogs
Cisco Talos Blog
Cisco Talos Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
T
Tenable Blog
C
Cybersecurity and Infrastructure Security Agency CISA
GbyAI
GbyAI
Microsoft Security Blog
Microsoft Security Blog
N
Netflix TechBlog - Medium
AWS News Blog
AWS News Blog
Security Latest
Security Latest
L
LINUX DO - 热门话题
Blog — PlanetScale
Blog — PlanetScale
T
Threatpost
Stack Overflow Blog
Stack Overflow Blog
Vercel News
Vercel News
S
Securelist
I
Intezer
D
Darknet – Hacking Tools, Hacker News & Cyber Security
H
Heimdal Security Blog
T
The Exploit Database - CXSecurity.com
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
The Hacker News
The Hacker News
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
H
Hackread – Cybersecurity News, Data Breaches, AI and More
U
Unit 42
The Register - Security
The Register - Security
NISL@THU
NISL@THU
S
Schneier on Security
M
MIT News - Artificial intelligence
The Last Watchdog
The Last Watchdog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Hugging Face - Blog
Hugging Face - Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Hacker News - Newest:
Hacker News - Newest: "LLM"
Y
Y Combinator Blog
Know Your Adversary
Know Your Adversary
罗磊的独立博客
MongoDB | Blog
MongoDB | Blog
美团技术团队
W
WeLiveSecurity
P
Privacy International News Feed
Forbes - Security
Forbes - Security
H
Hacker News: Front Page
小众软件
小众软件
博客园 - 【当耐特】
P
Proofpoint News Feed
P
Privacy & Cybersecurity Law Blog
T
Tor Project blog

GRAHAM CLULEY

Google's Gemini lets strangers send messages from your locked Android phone Anubis ransomware: what you need to know Smashing Security podcast #476: Remote-control rickshaws and rogue book marketers The ransomware negotiator who was working for the other side Invited to a "job interview" with Netflix or OpenAI? Beware! Your Google password could be at risk Smashing Security podcast #475: JadePuffer - the AI that ran a ransomware attack all by itself Two arrested over credit card phishing - as the Netherlands is named Europe's worst for payment fraud The Gentlemen ransomware: what you need to know Smashing Security podcast #474: Polymarket can predict the future. So how did it miss this hack? USB drives carrying China-linked malware infected Japanese military networks for nearly a year Smashing Security podcast #473: How a hacker could have Rickrolled the entire World Cup Hacker hijacks Brazil's national alert system, sending "misanthropy" to millions of phones Apple's Hide My Email tweak leaves privacy fans fuming Imposter scams cost Americans $3.5 billion in 2025 – and it’s getting worse Smashing Security podcast #472: AI gets hacked, and BitLocker gets bypassed Maine forced to take down data breach portal after fake notices filed with authorities Privacy own-goal: World Cup blunder leaks Lionel Messi's passport details Silent Ransom Group: what you need to know Smashing Security podcast #471: This AI worm just rewrote its own rules Why schools remain one of cybercriminals' favourite targets Got a LinkedIn message from a recruiter? It might be Chinese intelligence, warn FBI and MI5 Meta’s own AI chatbot to blame for Instagram accounts being stolen in seconds Smashing Security podcast #470: This AI security flaw might be impossible to fix Police arrest man following hack of Ajax football club MyPillow listed on ransomware gang's leak site, but denies it has been breached Smashing Security podcast #469: What your Oura ring won’t tell you FBI warns of Kali365 phishing kit that breaks into Microsoft 365 accounts — no password required Defenders fall behind, as AI rewrites the rules of a data breach Smashing Security podcast #468: High-speed train hacks and homicidal lawnmowers FBI warns students and staff that ShinyHunters may come knocking after Canvas breach Suspected Dream Market kingpin arrested after gold bars sent to his home address When ransomware gets physical: cybercriminals turn to threats of violence Smashing Security podcast #467: How ShinyHunters hacked the world’s biggest universities One in eight UK workers has sold their company passwords, and bosses think it’s fine Inside Department 4: Russia's secret school for hackers Sri Lanka makes 37 arrests as it raids another scam centre Smashing Security podcast #466: Meta sees everything, Copy Fail, and a deepfake gets hired Teenager alleged to be Scattered Spider hacker arrested in Finland, faces US extradition Iran-linked Handala hackers leak US Marines data, send chilling WhatsApp threats Smashing Security podcast #465: This developer wanted to cheat at Roblox. It cost millions Alleged Silk Typhoon hacker extradited to the United States to face charges French police arrest 21-year-old "HexDex" hacker over 100 alleged data breaches Smashing Security podcast #464: Rockstar got hacked. The data was junk. The secrets it revealed were not Singer loses life savings to fake wallet downloaded from the Apple App Store Sometimes changing the password on your email mailbox isn’t enough 108 malicious Chrome extensions caught stealing Google and Telegram data from 20,000 users AI and cryptocurrency scams are costing Americans billions, FBI reports Life imprisonment for Cambodian scam compound operators - but will it make a difference? Nigerian romance scammer jailed after being caught out by fellow fraudster Alleged RedLine malware developer extradited to United States Iranian hackers breach FBI director's personal email, and post his CV and photos online World Leaks data extortion: What you need to know How one man used 10,000 bots to steal $8,000,000 from music artists Denver's crosswalks hacked to broadcast anti-Trump messages LeakNet ransomware: what you need to know Free parking in Russia after Distributed Denial-of-Service attack knocks city's parking system offline Fraudsters are using public planning records to target permit applicants Your Signal account is safe - unless you fall for this trick Twitter suspended 800 million accounts last year — so why does manipulation remain so rampant? How hackers bypassed MFA with a $120 phishing kit - until a global takedown shut it down They seized $4.8m in crypto... then gave the master key to the internet
Scammers race to cash in on Venezuelan earthquake disaster
Graham CLULEY · 2026-07-01 · via GRAHAM CLULEY

When a devastating earthquake struck north central Venezuela last week, rescue teams were not the only ones who mobilised fast. So did domain registrars.

Researchers at threat intelligence firm WhoisXML API say that they uncovered 212 newly-registered domains referencing the earthquake, all of which had been filed within five days of the disaster.

To put that in context, in the three days before the quake, the company found a grand total of zero matching domains. The disaster struck and on the very same day, registrations began, peaking the following day (25 June) with 105 domains filed in those 24 hours alone, before tapering off over the following three days.

Many of the names of the registered domains look reassuringly helpful: 110 reference aid or donations, 52 use "SOS" or rescue-related wording, 56 mention earthquakes or seismic activity, and 12 refer to missing or affected people.

Meanwhile others promise medical help, listings for shelter, maps, or tracking services.

Now, some of those 212 new earthquake-related domains will no doubt belong to genuine charities and volunteers offering to help with the country's recovery. But, according to researchers, 93% of the domains exposed no individual registrant contact, with those details hidden behind privacy services or simply left blank.

Suspiciously, some of the newly-live websites are already soliciting Bitcoin donations with no verifiable proof that donations will reach victims, according to researcher Alexandre François.

Regular readers of Hot for Security are well aware that disaster-chasing scammers are nothing new, with the pattern recurring for years.

For instance, Hurricane Harvey in 2017 brought such a concerning wave of phishing campaigns and fake charity activity that the FTC issued a direct warning, urging donors to properly vet charities before offering money, and to be wary of any "charity" born overnight.

Scammers played the same trick during the COVID-19 pandemic impersonating UN compensation schemes and recruiting unsuspecting "remote workers" to launder stolen donation money through Bitcoin ATMs.

Even years after a natural disaster scammers can still exploit human misery. That happened a few years after the Japanese tsunami of 2011 when fraudsters attempted "Nigerian Prince"-style scams claiming that dead businessmen had left unclaimed millions.

It's not a new trick, and it doesn't have to be. And that's because exploitation of a major news event - whether it be a natural disaster of otherwise - can be a successful lure for criminals to deploy when defrauding the unwary out of their savings. And when a natural disaster creates an urgent need for response, it is all the easier for cybercriminals to exploit it.

If you want to donate safely for a good cause, type in the URL of a charity that you already know and trust, rather than clicking on links from social media or unsolicited emails.

In addition, you should be suspicious of brand new websites, especially those registered in the days immediately following a disaster, and avoid sites that request cryptocurrency-only donations. Legitimate charities will offer traceable, conventional payment methods and be transparent about where the funds will go.

Generosity after a disaster deserves to benefit the people who need it most, not disappear into the cryptocurrency wallet of a fraudster.