Scammers are apparently exploiting Hurricane Harvey to dupe people with phishing campaigns. The United States Computer Emergency Readiness Team has issued a notice, warning that the Harvey destruction has also attracted cybercriminals and online scammers who are looking to prey on people trying to donate.
While some of these scams are old school with duplicitous charitable organization tricking people, security researchers are also spotting phishing emails that are designed to steal login or even banking information. “US-CERT warns users to remain vigilant for malicious cyber activity seeking to capitalize on interest in Hurricane Harvey,” the warning from the US-CERT, which is a cybersecurity arm of the Department of Homeland Security, reads.
Users are advised to exercise caution in handling any email with subject line, attachments, or hyperlinks related to Hurricane Harvey, even if it appears to originate from a trusted source. Fraudulent emails will often contain links or attachments that direct users to phishing or malware-infected websites.
CERT recommends checking emails sent from even the trusted organizations asking for Hurricane Harvey donations
The warning focuses on not trusting emails sent even from trusted sources or reputable organizations. “Verify the legitimacy of any email solicitation by contacting the organization directly through a trusted contact number,” it notes. “You can find trusted contact information for many charities on the BBB National Charity Report Index.”
With captions like “see this terrifying video” or simple pleas to donate, these emails are designed to prompt people into opening the attachments. Kevin Epstein, vice president of threat operations at ProofPoint, said that one PDF attachment was titled “hurricane harvey – nueces county news release 11 – it’s your chance to help.pdf” but when opened, it prompted readers to enter their email, username and password.
In its advisory, US-CERT has recommended to review these guidelines that have been assembled by the Federal Trade Commission for Hurricane Harvey donations and to find “trusted contact information for many charities” in this directory of national charities.
“It’s heartbreaking to see people lose their lives, homes and businesses to the ongoing flooding in Texas,” Collen Tressler, FTC Consumer Education Specialist, wrote. “But it’s despicable when scammers exploit such tragedies to appeal to your sense of generosity.”