September 3, 2014 By Douglas Bonderud 3 min read

It’s nearly impossible to avoid the ALS Ice Bucket Challenge (#ALSicebucketchallenge) since television, social media and the Web at large are flooded with videos of people willing to douse themselves in freezing cold water and make a donation to the ALS Association. According to Forbes, the effort has raised over $100 million over the past month. That’s a far cry from the $2.8 million the organization raised in the same month last year — 3,500 percent more, in fact.

Part of the challenge’s appeal is its simplicity: It takes less than five minutes and requires only a bucket of ice water and a video camera to complete. Celebrities are also getting in on the action — and helping pump up donations — by recording popular videos of their own soakings. How popular are these videos? QZ.com reports that Bill Gates’ Ice Bucket Challenge video has garnered more than 5 million views, while Robert Downey Jr.’s video pulled in more than 3 million views.

However, with such popularity comes a problem: scams. Con artists are using the incredible reach of this charitable effort to trick users into giving up personal information or making donations that never reach the ALS Association.

Phishing With Dynamite

According to a recent Detroit Free Press article, scammers are trying to grab personal data from unwary ALS challenge viewers. It starts with an email about the “craziest Ice Bucket Challenge yet” and contains either a website link or an attached file. When users go to the website, they are required to provide a few personal details to access the video — which doesn’t actually exist. When they click on the attached file, a malware package attempts to install itself and grab sensitive data. In most cases, this information is sold to underhanded advertisers, but it may also be funneled to less scrupulous actors who create fake social media profiles and email accounts in an attempt to obtain credit card information.

Is There a Donation Risk?

The other major concern, according to Steven Sundermeier of security firm ThirtySeven4, is the creation of spoof Web pages that claim to be ALS donation sites but instead funnel the money to a third party.

“A hacker can set up a fake foundation Web page and have people donate to this page,” Sundermeier said. “We saw this with the Haitian earthquakes.”

The easiest way to avoid this problem is to never rely on site links; always type in the official URL.

Common Problems

With its clever premise and relatively low-cost expectations, it’s no surprise that the ALS Ice Bucket Challenge has been a success and, thus, spawned more than a few scams. But it isn’t alone: In 2013, a Gmail phishing scam targeted residents of Iraq just before the national election, and in December, students from the United Kingdom were targeted by a loan scam.

According to NBC, organizations are now trying to capitalize on the success of the Ice Bucket Challenge by creating their own versions. “Lather Against Ebola” asks challengers to cover themselves in soapy water and then give out three bottles of hand sanitizer to promote basic hygiene, while the “Rice Bucket Challenge” has participants take rice in a bucket and donate it to an Indian food bank. Could one of these become the next phishing superstar?

Ultimately, the ALS challenge highlights a fundamental truth of social media fundraising: Nothing happens in isolation. For all the good done by ice buckets and celebrities, there will always be scammers ready to spin up a phishing effort or spoof website. Protection for individuals and businesses comes from knowing the market — never download, never link, and the results may be shocking.

More from

What does resilience in the cyber world look like in 2025 and beyond?

6 min read -  Back in 2021, we ran a series called “A Journey in Organizational Resilience.” These issues of this series remain applicable today and, in many cases, are more important than ever, given the rapid changes of the last few years. But the term "resilience" can be difficult to define, and when we define it, we may limit its scope, missing the big picture.In the age of generative artificial intelligence (gen AI), the prevalence of breach data from infostealers and the near-constant…

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today