Security

Beware these Hurricane Harvey phishing and spam attacks

Cybercriminals are taking advantage of people affected by the storm in Houston with phishing emails and scam websites that claim to be supporting hurricane relief efforts. Here's what to look out for.

With every large news event of natural disaster comes a barrage of scam emails and websites, with cybercriminals attempting to take advantage of interest in the situation. Hurricane Harvey, which damaged or destroyed more than 44,000 homes in Houston, TX, has sadly set off a spate of hackers attempting to profit from the disaster.

"Natural disasters are open season for cyber criminals intent on making a buck using time-tested and fraudulent means," said Steve Durbin, managing director of the Information Security Forum. "Email infection, fake websites, and traditional phishing attacks are all to be expected."

Security firm AppRiver discovered a scam email on Wednesday with links to a forged Red Cross donations site. Hackers are also using social media platforms in attempts to solicit charitable donations for flood victims, including creating fake Facebook and Twitter pages dedicated to victim relief containing links to spam websites or malware, as CNET reported.

SEE: Defending against cyberwar: How the cybersecurity elite are working to prevent a digital apocalypse (free PDF)

Earlier this week, the US Computer Emergency Readiness Team (US-CERT) warned citizens to "remain vigilant" for cyber attacks seeking to capitalize on interest in Hurricane Harvey.

"Users are advised to exercise caution in handling any email with subject line, attachments, or hyperlinks related to Hurricane Harvey, even if it appears to originate from a trusted source," according to a US-Cert advisory. "Fraudulent emails will often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from duplicitous charitable organizations commonly appear after major natural disasters."

US-CERT offered the following recommendations for users to protect themselves from phishing scams and malware campaigns:

AppRiver cybersecurity analyst David Pickett also offered the following tips for safe online donating to hurricane victims:

  • Navigate directly to the legitimate sites or charities you may consider donating to. Type in the address manually instead of clicking links.
  • If you aren't sure about a charity, research it first using a third-party watchdog (give.org, charitywatch.org, guidestar.org, or charitynavigator.org).
  • Be extremely suspicious of any attachment or link you may receive via email. Contact the sender directly if there is any question.
  • Utilize checks and credit cards for donations directly to the charity itself, not an individual and avoid cash if possible. This creates a paper trail for tax deductions as well.
  • Do not give out personal information such as driver's license information, social security number, birth dates, mother's maiden name, etc. This information is used by criminals for social engineering their way further into your accounts or ID theft.

"Think before you click," Durbin said. "We all want to be sure that our donations actually go to the people, and charities who need them. Just be sure you pay close attention to who you are donating to so that you don't end up becoming another victim."

istock-606671804.jpg
Image: iStockphoto/scyther5

Also see

About Alison DeNisco

Alison DeNisco is a Staff Writer for TechRepublic. She covers CXO and the convergence of tech and the workplace.

Editor's Picks

Free Newsletters, In your Inbox