Beware of scammers that target both disaster victims and potential donors. US-CERT warns users to be watchful for various malicious cyber activity designed to take advantage of people after disasters.
As an example, you should exercise caution when handling emails related to recent hurricanes, even if those emails appear to originate from trusted sources. Disaster-related phishing emails may trick users into sharing sensitive information, contain malicious attachments, or links to malware-infected websites.
Additionally, you should be wary of social media pleas, calls, texts, or door-to-door solicitations relating to the recent hurricanes.
Hurricane Harvey
Hurricane Harvey traveled across the Atlantic, the Caribbean, and the Gulf of Mexico from August 13 through August 26. It caused at least 70 deaths and was estimated to be the second-costliest natural disaster in U. S. history. At the time, Hurricane Katrina (2005) was considered the costliest at about $175 billion.
Many homeowners suffered catastrophic losses. Regular homeowner insurance policies exclude coverage for flooding and homeowners within a 100-year flood plain are encouraged to purchase flood insurance from the National Flood Insurance Program. Experts estimate that only 15% of the homes in Houston had flood insurance when Harvey hit.
Hurricane Irma
Hurricane Irma traveled across the Atlantic, the Caribbean, and the Gulf of Mexico starting on August 30. It caused catastrophic damage to a string of islands including Barbuda, Saint, Martin, and the Virgin Islands as a Category 5 Hurricane. Waves in Puerto Rico reached 30 feet high. It destroyed the communications infrastructure on the Turks and Caicos Islands. It hit the northern coast of Cuba with sustained windows of 160 mph damaging hospitals, factories, and warehouses.
Irma hit Cudjoe Key (about 20 miles from Key West) on September 10th with an estimated 10 foot storm surge, which is catastrophic considering Cudjoe Key has an elevation of zero feet (even with sea level). It hit Marco Island in Florida later that day and traveled up the west coast of Florida causing significant damage on both coasts of Florida, along with everything in between. The following graphic shows Irma’s huge size compared to the relevant narrow peninsula of Florida. More than 5.5 million people are without power.
As I write this, Irma is traveling north and is expected to impact Georgia, South Carolina, Alabama, and Tennessee.
Gratefully, scientific weather models predicted Irma’s path giving officials a heads up on her path. This, combined with the images we saw from Hurricane Harvey allowed millions to evacuate and saved many lives.
Beware of Scammers
Over the next few days and weeks, we’ll learn the full impact of Irma. We’ll learn how many homes and businesses were destroyed. We’ll learn how many people are left homeless. We’ll learn the estimated amount of destruction and cost to rebuild the destroyed areas.
And we’ll be bombarded with invitations to donate. If you can, by all means do so. However, take some basic steps to ensure your money goes to help the victims and doesn’t add to a criminal’s bank account.
To avoid becoming victims of fraudulent activity, US-CERT recommends that you consider taking the following preventive measures:
- Review the information from the Federal Trade Commission (FTC) on Wise Giving in the Wake of Hurricane Harvey. The same advice applies to giving in the wake of Hurricane Irma.
- Review information from the Federal Bureau of Investigation on Building a Digital Defense Against Charity Fraud.
- Use caution when opening email attachments, and do not click on links in unsolicited email messages. Refer to the US-CERT Security Tip on Using Caution with Email Attachments.
- Refer to US-CERT’s Security Tip on Avoiding Social Engineering and Phishing Attacks.
Another important point is that many people are duped into believing the scammer’s pleas and help these criminals by sharing or forwarding the scams via social media sites.
Criminals love these ill-informed helpers. Don’t be one.
IT Professionals with basic knowledge of malware and phishing scams already know most of this information. This is one of the reasons so many companies value employees with basic cybersecurity knowledge validated with certifications such as Security+.
If you have this knowledge but know others that might still be in the dark, share it with them.