The response to last week&39;s massacre at Virginia Tech ran the emotional gamut, from stunned compassion for the victims and their families to anger at the shooter and perplexity at the slow response. Now comes a warning to temper our compassion with a measure of suspicion. The U.S. Computer Emergency Response Team (CERT) and other security experts are sounding the alarm that phishers and other scammers have moved quickly to exploit the tragedy, just as they did in the wake of Hurricane Katrina.

Within 24 hours of the shootings on Monday, at least 28 domain names had been registered that were clearly related to the tragedy, according to the US SANS Internet Storm Center. In fact, the Second City CEO blog reported that virginiatechshooting.com and three similar domains were bought within 20 minutes.

Some of this heartlessness is just the usual domain squatters and other speculators looking to make a quick buck, either by flipping a momentarily hot domain or by stuffing it full of ads. But it&39;s a virtual certainty that some of these domains will be used to mine visitors&39; sympathy by soliciting donations "for the survivors" — then keeping the donors&39; money and stealing their credit card and identity data.

The good folks at the SANS Internet Storm Center summed up the risk very well:

Be on the lookout for a rash of spam and phishing coming from these leeches. If you receive a plea for donations, check the organization out closely before opening up your e-gold, PayPal, Visa or other account or providing any personal information. In some cases the phishers may use voice, fax, email and websites to dupe generous and thoughtful victims into disclosing valuable information.

This is not to say that every one of these sites was spawned by a phisher, fraudster, or other identity-thieving bottom-feeder. As a comment posted to Second City CEO by one domain&39;s new owner explained:

When people look back at this tragedy they will find all of the sensational articles written by the media, the books, movies, etc. But the actual thoughts and feelings of real people around the world don&39;t have a single, coherent place to be found. So I put up a forum on that domain last night in the hopes that real people will find it useful. When my father was battling cancer last year he found a lot of benefit in the group he belonged to who were in the same position.

And perhaps, just maybe, there is a tiny possibility that some future person who is contemplating an act such as this might come across this site and see not the sensationalism of the mainstream media, but rather the human side and feelings that their potential actions could cause. And just possibly they might change their minds.

It&39;s pretty hard to argue with that — especially since the poster declined the opportunity to publicize the newly bought domain by including it in the comment. It&39;s also quite possible that some of these domains were snapped up pre-emptively by Good Samaritans to keep them out of scammers&39; hands.

That said, however, it&39;s a good rule of thumb that any fly-by-night web site asking for donations is simply not to be trusted. The same goes for email appeals, which are even more likely than web sites to be out-and-out scams. (If you do receive an email that you believe to be a phishing attempt — whatever the topic — please report it to the Anti-Phishing Working Group.)

If you&39;re feeling the urge to help, there are plenty of established organizations out there — though even when you know the name and the logo, you should keep a sharp eye out for phishing emails and clone web sites designed to dupe you and engineered to rob you blind. By all means, feel what you feel and give if the spirit moves you. But don&39;t let your sympathy and generosity be exploited — and your identity stolen — by a few sick, criminal freaks seeking to profit from someone else&39;s pain.