US-CERT Issues Warning About Hurricane Harvey Phishing Scams
Here’s what to look for before you donate to the relief efforts online
As the US navigates through the chaotic aftermath of Hurricane Harvey, it was easy to miss the warning that the US Computer Emergency Readiness Team (US-CERT) issued on Monday. That warning dealt with a despicable practice that has already begun online: Hurricane Harvey-related phishing scams.
There are two sides to every coin. Unfortunately for every incredible story of human compassion and sacrifice – moments involving heroic boat rescues or the kindness of strangers – there’s a guy selling cases of water for $100 or cyber criminals trying to profit off others’ hardships.
Enter the Hurricane Harvey Phishers.
Per US-Cert:
US-CERT warns users to remain vigilant for malicious cyber activity seeking to capitalize on interest in Hurricane Harvey. Users are advised to exercise caution in handling any email with subject line, attachments, or hyperlinks related to Hurricane Harvey, even if it appears to originate from a trusted source. Fraudulent emails will often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from duplicitous charitable organizations commonly appear after major natural disasters.
If just reading that makes you feel a little gross—you’re not alone.
We can’t rid the internet of these sorts of people, as much as we’d like to. But what we can do is offer some advice on what to look for before making any kind of a donation online. After all, we all want to help those affected by Hurricane Harvey, but it’s also important to make sure that the money and resources we donate make it into the right hands.
Here’s What to Look For Before Donating to Hurricane Harvey Relief
For a complete guide on how to spot a fake or fraudulent website, you can click here. But for the sake of this discussion, here’s what you need to know:
The Best Way to Donate is to Go Directly to that Charity’s Website
Even if you see an advertisement for a charitable cause you’d like to get behind, it may be best not to click it. Instead, go directly to that charity’s website by typing it into your address bar. Once there, verify that it’s legitimate and then follow the steps they lay out.
Most phishing attempts involve getting you to click on a specific link that directs you to a spoofed website. The odds that the scammers were able to hack the site of the real charity and redirect you from there are slim-to-nil. So, if you already know what charity you’d like to donate to, type in the URL yourself and head straight to them.
Be Suspicious of Email
Oftentimes in the aftermath of a disaster, people are more willing to forward emails, share social media posts, etc. This, coupled with expert social engineering on the part of the cyber criminals, means that at times like this it’s a lot easier to get people to open emails that they otherwise wouldn’t even consider looking at. This also makes you more likely to click the links in those emails.
Pump the brakes. Here’s some advice for emails:
- Make sure to inspect the actual email address, not just the name, of the sender.
- Never open any attachments. Period.
- Don’t send financial information or personal details via email.
- If you’re inclined to follow a link, inspect the actual URL.
- Check that it begins with https
- Make sure it’s a legitimate domain name
- If you have any doubt, don’t click it.
Other Things to Consider Before Donating…
- If you wind up following a link from an email or an ad anyway, make sure that the website is served over HTTPS. No legitimate charity would have a website without an SSL certificate.
- If you haven’t heard of the charity before, do a little research. If you can’t find anything about it, you may want to support another organization instead. There’s no shortage of reputable charities and organizations to partner with—better safe than sorry.
- If you need more information, or ideas on how best to pledge your support following Hurricane Harvey, consult the FTC’s guide on Wise Giving in the Wake of Hurricane Harvey.
A Final Word
The state of Texas, and to a lesser extent the Gulf Coast as a whole, need your help and support—in any way you can offer it. But let’s be vigilant and not reward the sickos that are seeking to profit on tragedy.
As denizens of St. Petersburg, Florida, we have a great appreciation for the power of hurricanes and the destruction and devastation they can bring. We stand by our neighbors in Texas.
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018
in Hashing Out Cyber SecurityHow to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chrome
in Everything EncryptionRe-Hashed: How to Fix SSL Connection Errors on Android Phones
in Everything EncryptionCloud Security: 5 Serious Emerging Cloud Computing Threats to Avoid
in ssl certificatesThis is what happens when your SSL certificate expires
in Everything EncryptionRe-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Message
in Hashing Out Cyber SecurityReport it Right: AMCA got hacked – Not Quest and LabCorp
in Hashing Out Cyber SecurityRe-Hashed: How to clear HSTS settings in Chrome and Firefox
in Everything EncryptionRe-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithms
in Everything EncryptionThe Difference Between Root Certificates and Intermediate Certificates
in Everything EncryptionThe difference between Encryption, Hashing and Salting
in Everything EncryptionRe-Hashed: How To Disable Firefox Insecure Password Warnings
in Hashing Out Cyber SecurityCipher Suites: Ciphers, Algorithms and Negotiating Security Settings
in Everything EncryptionThe Ultimate Hacker Movies List for December 2020
in Hashing Out Cyber Security Monthly DigestAnatomy of a Scam: Work from home for Amazon
in Hashing Out Cyber SecurityThe Top 9 Cyber Security Threats That Will Ruin Your Day
in Hashing Out Cyber SecurityHow strong is 256-bit Encryption?
in Everything EncryptionRe-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3
in Everything EncryptionHow to View SSL Certificate Details in Chrome 56
in Industry LowdownPayPal Phishing Certificates Far More Prevalent Than Previously Thought
in Industry Lowdown