US-CERT Issues Warning About Hurricane Harvey Phishing Scams
 US-CERT Issues Warning About Hurricane Harvey Phishing Scams
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...
August 31, 2017 Comments closed

US-CERT Issues Warning About Hurricane Harvey Phishing Scams

in Hashing Out Cyber Security

Here’s what to look for before you donate to the relief efforts online

As the US navigates through the chaotic aftermath of Hurricane Harvey, it was easy to miss the warning that the US Computer Emergency Readiness Team (US-CERT) issued on Monday. That warning dealt with a despicable practice that has already begun online: Hurricane Harvey-related phishing scams.

There are two sides to every coin. Unfortunately for every incredible story of human compassion and sacrifice – moments involving heroic boat rescues or the kindness of strangers – there’s a guy selling cases of water for $100 or cyber criminals trying to profit off others’ hardships.

Enter the Hurricane Harvey Phishers.

Per US-Cert:

US-CERT warns users to remain vigilant for malicious cyber activity seeking to capitalize on interest in Hurricane Harvey. Users are advised to exercise caution in handling any email with subject line, attachments, or hyperlinks related to Hurricane Harvey, even if it appears to originate from a trusted source. Fraudulent emails will often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from duplicitous charitable organizations commonly appear after major natural disasters.

If just reading that makes you feel a little gross—you’re not alone.

We can’t rid the internet of these sorts of people, as much as we’d like to. But what we can do is offer some advice on what to look for before making any kind of a donation online. After all, we all want to help those affected by Hurricane Harvey, but it’s also important to make sure that the money and resources we donate make it into the right hands.

Here’s What to Look For Before Donating to Hurricane Harvey Relief

For a complete guide on how to spot a fake or fraudulent website, you can click here. But for the sake of this discussion, here’s what you need to know:

The Best Way to Donate is to Go Directly to that Charity’s Website

Even if you see an advertisement for a charitable cause you’d like to get behind, it may be best not to click it. Instead, go directly to that charity’s website by typing it into your address bar. Once there, verify that it’s legitimate and then follow the steps they lay out.

Most phishing attempts involve getting you to click on a specific link that directs you to a spoofed website. The odds that the scammers were able to hack the site of the real charity and redirect you from there are slim-to-nil. So, if you already know what charity you’d like to donate to, type in the URL yourself and head straight to them.

Be Suspicious of Email

Oftentimes in the aftermath of a disaster, people are more willing to forward emails, share social media posts, etc. This, coupled with expert social engineering on the part of the cyber criminals, means that at times like this it’s a lot easier to get people to open emails that they otherwise wouldn’t even consider looking at. This also makes you more likely to click the links in those emails.

Pump the brakes. Here’s some advice for emails:

  • Make sure to inspect the actual email address, not just the name, of the sender.
  • Never open any attachments. Period.
  • Don’t send financial information or personal details via email.
  • If you’re inclined to follow a link, inspect the actual URL.
    • Check that it begins with https
    • Make sure it’s a legitimate domain name
    • If you have any doubt, don’t click it.

Other Things to Consider Before Donating…

  • If you wind up following a link from an email or an ad anyway, make sure that the website is served over HTTPS. No legitimate charity would have a website without an SSL certificate.
  • If you haven’t heard of the charity before, do a little research. If you can’t find anything about it, you may want to support another organization instead. There’s no shortage of reputable charities and organizations to partner with—better safe than sorry.
  • If you need more information, or ideas on how best to pledge your support following Hurricane Harvey, consult the FTC’s guide on Wise Giving in the Wake of Hurricane Harvey.

A Final Word

The state of Texas, and to a lesser extent the Gulf Coast as a whole, need your help and support—in any way you can offer it. But let’s be vigilant and not reward the sickos that are seeking to profit on tragedy.

As denizens of St. Petersburg, Florida, we have a great appreciation for the power of hurricanes and the destruction and devastation they can bring. We stand by our neighbors in Texas.

Author

Patrick Nohe

Patrick started his career as a beat reporter and columnist for the Miami Herald before moving into the cybersecurity industry a few years ago. Patrick covers encryption, hashing, browser UI/UX and general cyber security in a way that’s relatable for everyone.

Recent Posts

Follow Us

Free Ebooks

eBook
Email Spoofing Defense 101 (A 5-Step Guide)

Download Now

eBook
Certificate Lifecycle Management Best Practices Guide

Download Now

eBook
10 Code Signing Best Practices

Download Now