National American Red Cross Affirms Security of Online Donations
News Release: October 22, 2001
Contact: Janice Osborne, Manager-Media & Community Affairs
(610) 865-4400, ext. 262
The outpouring of support and the generosity of the American people allow the American Red Cross to continue its support of the victims, families and survivors of the September 11 terrorist attacks. The Red Cross has taken every precaution to provide donors with secure, reliable donation opportunities. Notified by Symantec Corporation on October 17, 2001, the American Red Cross has been working diligently to minimize the effects of the Septer. Trojan computer virus for potential credit card donors.
The virus comes in the form of an executable file attached to an e-mail message. Upon execution, the user is presented with a donation request form to fill out. The e-mail appears to come from the American Red Cross, United Way and the September 11th Fund. Once the form is complete, the personal and confidential information on the form is uploaded to a non-Red Cross Web site. The American Red Cross Office of General Counsel has contacted law enforcement authorities about this fraudulent act.
Symantec aids the Red Cross with information technology security. The company advises that if donors try to close the form without filling out the information, it will display the message: "Please enter information." Persons trying to exit the form should still be able to close the form by holding down the keys Ctrl+Alt+Del and then selecting "end task." If the form has not been filled in, no information will be sent to the virus creator. The American Red Cross advises that people receiving an e-mail message soliciting donations to the Red Cross resembling this description should delete it.
On September 14, the Red Cross sent an e-mail message to 30,000 previous online donors. This message included a URL link to an official, secure online donation site. Red Cross chapters and some supporting businesses nationwide are also known to have sent e-mail fund-raising messages. In all legitimate e-mails, the message linked directly to the American Red Cross Web site, the Web site of an American Red Cross chapter or to one of our online partners who are also legitimately collecting funds on behalf of the Red Cross. The American Red Cross and its online partners accept credit card information only through a secure portal on a Web site, not through an e-mail message.
A financial donors guide is provided on http://www.redcross.org/sponsors/corporatelist.html. The guide is an updated and complete list of corporate sponsors, banks and financial institutions, official secure online collection sites, as well as addresses and phone numbers for donations and information.
Companies throughout the nation are running official Red Cross banners that provide direct links to http://www.redcross.org. The Red Cross encourages any persons with questions or concerns about the legitimacy of an online donation site to please contact the Red Cross directly, donate online at one of our official donor sites, call 1-800-HELP NOW or mail a check or money order to The Liberty Disaster Fund.
