Victims and well-wishers vulnerable to ‘disaster fraud’ cybercrime campaigns, says US government.
US authorities are warning citizens to beware of disaster-related phishing scams, following the arrival of Hurricane Florence on the east coast.
The US Computer Emergency Readiness Team (US-CERT) has issued a notice as cybercriminals look to clean up in the aftermath of the storm.
The advice, issued last night, reads: “Fraudulent emails commonly appear after major natural disasters and often contain links or attachments that direct users to malicious websites.
“Users should exercise caution in handling any email with a subject line, attachments, or hyperlinks related to the hurricane, even if it appears to originate from a trusted source.”
The Category 5 hurricane swept across North and South Carolina last week, leaving behind at least 17 people dead in a trail of destruction.
More than one million residents were forced to either evacuate or risk being trapped in their homes, as flood waters rose to more than six feet high and strong winds reached 90mph.
It comes as a Category 4 typhoon battered Hong Kong this weekend, flooding streets and pulling down scaffolding attached to skyscrapers on the island.
Preying on the vulnerable
Cybercriminals have long been targeting victims of natural disasters, luring vulnerable people into handing over details or cash in exchange for help.
Donors are also often targeted by scammers sending malware-laden phishing emails or setting up fake donation websites that have been loaded with malicious script.
In March, the US Federal Emergency Management Agency (FEMA) issued a warning that criminals were targeting survivors of Hurricane Irma with scam emails that promised payouts for victims, but were instead used for identity theft and fraud.
And after the 2015 earthquake in Nepal killed 9,000 people, donors were warned about an influx of phishing scam emails pretending to be from Nepalese charities.
Similar websites are now being shared on social media after cybercriminals hijacked the #HurricaneFlorence hashtag, warns Stephen Burke, CEO of Cyber Risk Aware.
Burke told The Daily Swig that well-meaning social media users should be cautious when clicking on links, even if they appear to be legit.
“It’s at times like this that decent human beings want to help each other,” he said. “However, the ‘cyber-scum’ amongst us see it as an opportunity to exploit the disaster and human kindness.
“US-CERT has already issued a warning to be vigilant as scammers trick people into clicking on links via Facebook, Twitter, and dedicated phishing emails.
“For example, phishing emails dropping in a user's inbox asking for donations to the #HurricaneFlorence Relief Fund, Facebook pages dedicated to victim relief contain links to scam websites, and tweets with links to charitable websites soliciting donations, but in reality, include links to scam sites or links that lead to a malware infection.”
The UK’s Action Fraud team also advised people to be cautious when logging onto charity websites, looking out for any spelling mistakes on the page itself or in the URL.
A spokesperson told The Daily Swig: “Fraudulent fundraising websites often use topical events, such as a terror incident or natural disaster, to make it look like their charity has been created only recently in response, while the website may also be badly written or have spelling mistakes.
“When you go to a donation page, fraudsters can record your credit or bank account details, so if you are unsure, seek further advice before donating any money.”
Natural disasters aren’t the only low-hanging fruit for cybercriminals.
In the UK, victims of the recent TSB banking meltdown were targeted by scammers sending phishing emails and texts – also known as ‘smishing’ – to obtain user data after services were forced offline for days.
An email seen by The Daily Swig back in April detailed how TSB account holders were being told their account was locked, directing them to phishing website which then attempted to scoop up their login details.