The Red Cross issued an alert warning people that its representatives generally don't contact military members or their families directly, and almost always go through other channels such as a commander or first sergeant. Military family members are being urged not to give out any personal information over the phone if contacted by anyone who is unknown to them.
The scam, according to the alert, starts by someone calling a military spouse and identifying herself as a representative of the Red Cross. The caller tells the victim that his or her spouse, who isn't identified by name, was injured while on duty in Iraq and was evacuated to a hospital in Germany. The caller then says the medical unit can't start treatment until paperwork is filled out, and they need the victim to verify the spouse's Social Security number and date of birth.
It's a federal crime, punishable by up to five years in prison, for someone to pretend to be a member or representative of the American Red Cross for the purpose of soliciting, collecting, or receiving money or material.
The alert noted that Red Cross representatives will contact military members or their families directly only in response to an emergency message initiated by the family. The Red Cross doesn't report casualty information to family members. The Department of Defense contacts families directly if their military members have been injured.
Anyone receiving this kind of fraudulent call is being asked to report it to their local Family Readiness Group or Military Personnel Flight.
Scammers have employed such low tactics before. Shortly after the Virginia Tech tragedy in April, spam e-mails began circulating that promised images of the shootings. The e-mails claimed to link to a Brazilian Web site carrying movie footage of the campus shootings. Clicking on the link instead downloaded a malicious screensaver file, called Terror_em_Virginia.SCR), which installs a piece of spyware that acts as a banking Trojan. It can be used to steal passwords, user names, and account numbers.