Heart Foundation targeted by spam gambling, pornography advertising

5:27 am today

Photo: Supplied

The Heart Foundation's fundraising website was taken offline on Thursday night after it was flooded with spam advertising - everything from pokies to pornography.

A cybersecurity expert said it was yet another example of opportunistic scammers inserting themselves wherever they could.

Masquerading as fundraisers, the spam posts directed viewers to click on shady links.

Cybersecurity expert Tony Grasso said there was no rhyme nor reason.

"I don't think it's targeted for the Heart Foundation, this feels like [it's] utterly automated," he said.

"I think there's an automated engine out there that's looking for vulnerabilities. In this case it's an open way to post things, and they've just posted their adverts on it."

Grasso said it was extremely unlikely that anyone visiting the Heart Foundation website would click on the links, but that wasn't the point.

"I think the odds [of someone clicking] are very, very slim, but remember it costs them nothing. It's no skin off their nose, right, they're not really investing any money," he said.

"In this case they'll dip out on this site, but another site that may be more popular, someone will click on it."

Photo: Supplied

Former rock musician Tim Mahon has survived two heart attacks.

He said targeting a charity like the Heart Foundation was a low blow.

"I think it's appalling, because when you have something like the Heart Foundation, which is simply there for the wellbeing of citizens, how could you possibly want to prey on it? That's like not just picking on one little old lady, it's picking on thousands of them."

Grasso said it damaged the charity's image.

"What it tells you, though, is that the Heart Foundation needs security on their site. It hurts their reputation more than it costs the attacker," he said.

He said many charities didn't have the resources or security knowledge to protect themselves against opportunistic scammers.

"It could be a moderation thing, [but] I think it's more likely the problem started at the initial design. They've got the money to build the website, but not necessarily secure it. These two things don't necessarily go hand-in-hand."

Photo: Supplied

Mahon said the scammers' actions made it harder for would-be donors to trust legitimate fundraisers.

"NGOs find it increasingly difficult to raise funds because of [scammers'] actions, I think people universally go 'well, it's not [the charity's] fault, but oh my goodness how can I trust anything that comes out?' That's the problem."

Heart Foundation responds

A spokesperson for the Heart Foundation said the posts had been removed, and by Thursday afternoon, the fundraising page on its website was offline for maintenance.

"Like many public-facing websites, online fundraising platforms can be targeted by automated spam bots that create fake profiles and post unauthorised content," the foundation said in a statement.

"We are aware that some spam profiles appeared on a third-party fundraising platform. These profiles were removed promptly once identified and no donations were received through them."

Sign up for Ngā Pitopito Kōrero, a daily newsletter curated by our editors and delivered straight to your inbox every weekday.