September 3, 2014 By Douglas Bonderud 3 min read

It’s nearly impossible to avoid the ALS Ice Bucket Challenge (#ALSicebucketchallenge) since television, social media and the Web at large are flooded with videos of people willing to douse themselves in freezing cold water and make a donation to the ALS Association. According to Forbes, the effort has raised over $100 million over the past month. That’s a far cry from the $2.8 million the organization raised in the same month last year — 3,500 percent more, in fact.

Part of the challenge’s appeal is its simplicity: It takes less than five minutes and requires only a bucket of ice water and a video camera to complete. Celebrities are also getting in on the action — and helping pump up donations — by recording popular videos of their own soakings. How popular are these videos? QZ.com reports that Bill Gates’ Ice Bucket Challenge video has garnered more than 5 million views, while Robert Downey Jr.’s video pulled in more than 3 million views.

However, with such popularity comes a problem: scams. Con artists are using the incredible reach of this charitable effort to trick users into giving up personal information or making donations that never reach the ALS Association.

Phishing With Dynamite

According to a recent Detroit Free Press article, scammers are trying to grab personal data from unwary ALS challenge viewers. It starts with an email about the “craziest Ice Bucket Challenge yet” and contains either a website link or an attached file. When users go to the website, they are required to provide a few personal details to access the video — which doesn’t actually exist. When they click on the attached file, a malware package attempts to install itself and grab sensitive data. In most cases, this information is sold to underhanded advertisers, but it may also be funneled to less scrupulous actors who create fake social media profiles and email accounts in an attempt to obtain credit card information.

Is There a Donation Risk?

The other major concern, according to Steven Sundermeier of security firm ThirtySeven4, is the creation of spoof Web pages that claim to be ALS donation sites but instead funnel the money to a third party.

“A hacker can set up a fake foundation Web page and have people donate to this page,” Sundermeier said. “We saw this with the Haitian earthquakes.”

The easiest way to avoid this problem is to never rely on site links; always type in the official URL.

Common Problems

With its clever premise and relatively low-cost expectations, it’s no surprise that the ALS Ice Bucket Challenge has been a success and, thus, spawned more than a few scams. But it isn’t alone: In 2013, a Gmail phishing scam targeted residents of Iraq just before the national election, and in December, students from the United Kingdom were targeted by a loan scam.

According to NBC, organizations are now trying to capitalize on the success of the Ice Bucket Challenge by creating their own versions. “Lather Against Ebola” asks challengers to cover themselves in soapy water and then give out three bottles of hand sanitizer to promote basic hygiene, while the “Rice Bucket Challenge” has participants take rice in a bucket and donate it to an Indian food bank. Could one of these become the next phishing superstar?

Ultimately, the ALS challenge highlights a fundamental truth of social media fundraising: Nothing happens in isolation. For all the good done by ice buckets and celebrities, there will always be scammers ready to spin up a phishing effort or spoof website. Protection for individuals and businesses comes from knowing the market — never download, never link, and the results may be shocking.

More from

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

Adversarial advantage: Using nation-state threat analysis to strengthen U.S. cybersecurity

4 min read - Nation-state adversaries are changing their approach, pivoting from data destruction to prioritizing stealth and espionage. According to the Microsoft 2023 Digital Defense Report, "nation-state attackers are increasing their investments and launching more sophisticated cyberattacks to evade detection and achieve strategic priorities."These actors pose a critical threat to United States infrastructure and protected data, and compromising either resource could put citizens at risk.Thankfully, there's an upside to these malicious efforts: information. By analyzing nation-state tactics, government agencies and private enterprises are…

6 Principles of Operational Technology Cybersecurity released by joint NSA initiative

4 min read - Today’s critical infrastructure organizations rely on operational technology (OT) to help control and manage the systems and processes required to keep critical services to the public running. However, due to the highly integrated nature of OT deployments, cybersecurity has become a primary concern.On October 2, 2024, the NSA (National Security Agency) released a new CSI titled “Principles of Operational Technology Cybersecurity.” This new guide was created in collaboration with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD SCSC) to…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today