No Shock: ALS Ice Bucket Challenge Spawns Phishing Scams

September 3, 2014 @ 10:32 AM
| |
3 min read

It’s nearly impossible to avoid the ALS Ice Bucket Challenge (#ALSicebucketchallenge) since television, social media and the Web at large are flooded with videos of people willing to douse themselves in freezing cold water and make a donation to the ALS Association. According to Forbes, the effort has raised over $100 million over the past month. That’s a far cry from the $2.8 million the organization raised in the same month last year — 3,500 percent more, in fact.

Part of the challenge’s appeal is its simplicity: It takes less than five minutes and requires only a bucket of ice water and a video camera to complete. Celebrities are also getting in on the action — and helping pump up donations — by recording popular videos of their own soakings. How popular are these videos? reports that Bill Gates’ Ice Bucket Challenge video has garnered more than 5 million views, while Robert Downey Jr.’s video pulled in more than 3 million views.

However, with such popularity comes a problem: scams. Con artists are using the incredible reach of this charitable effort to trick users into giving up personal information or making donations that never reach the ALS Association.

Phishing With Dynamite

According to a recent Detroit Free Press article, scammers are trying to grab personal data from unwary ALS challenge viewers. It starts with an email about the “craziest Ice Bucket Challenge yet” and contains either a website link or an attached file. When users go to the website, they are required to provide a few personal details to access the video — which doesn’t actually exist. When they click on the attached file, a malware package attempts to install itself and grab sensitive data. In most cases, this information is sold to underhanded advertisers, but it may also be funneled to less scrupulous actors who create fake social media profiles and email accounts in an attempt to obtain credit card information.

Is There a Donation Risk?

The other major concern, according to Steven Sundermeier of security firm ThirtySeven4, is the creation of spoof Web pages that claim to be ALS donation sites but instead funnel the money to a third party.

“A hacker can set up a fake foundation Web page and have people donate to this page,” Sundermeier said. “We saw this with the Haitian earthquakes.”

The easiest way to avoid this problem is to never rely on site links; always type in the official URL.

Common Problems

With its clever premise and relatively low-cost expectations, it’s no surprise that the ALS Ice Bucket Challenge has been a success and, thus, spawned more than a few scams. But it isn’t alone: In 2013, a Gmail phishing scam targeted residents of Iraq just before the national election, and in December, students from the United Kingdom were targeted by a loan scam.

According to NBC, organizations are now trying to capitalize on the success of the Ice Bucket Challenge by creating their own versions. “Lather Against Ebola” asks challengers to cover themselves in soapy water and then give out three bottles of hand sanitizer to promote basic hygiene, while the “Rice Bucket Challenge” has participants take rice in a bucket and donate it to an Indian food bank. Could one of these become the next phishing superstar?

Ultimately, the ALS challenge highlights a fundamental truth of social media fundraising: Nothing happens in isolation. For all the good done by ice buckets and celebrities, there will always be scammers ready to spin up a phishing effort or spoof website. Protection for individuals and businesses comes from knowing the market — never download, never link, and the results may be shocking.

 |  |  | 
Douglas Bonderud
Freelance Writer

A freelance writer for three years, Doug Bonderud is a Western Canadian with expertise in the fields of technology and innovation. In addition to working for...
read more