Natural Disasters and the Social Engineer

In between presidential debates and mass marketing, there are news stories about natural disasters all over the globe.  Hurricanes, typhoons, earthquakes, landslides – to just name a few.  Many of us have friends or family that live or travel to these locations and when we see these news reports we are filled with fear. 

picture1

Even if you have no family there, the lost of human life affects us and we are deeply saddened.  Recently when hurricane Matthew hit Haiti and Bahamas then North Carolina – you probably felt like we did.  Watching the number of those who died was upsetting and emotionally difficult to handle. 

But not everyone feels the same way. 

Enter The Social Engineer 

Sadly, not everyone who sees these horrors feels empathy for their fellow man.  Some decide it is the very time to try and steal.  Local papers warned about scammers using various methods, as you can see in the linked article, but we felt it was important to outline what we have seen attackers capitalize on during disasters. 

  1. Phishing – when disasters hit it is not uncommon to see fake charity scams asking for donations, generally made via credit card or bank transfer. 
  2. In person – as the article mentioned above states, people will come out and actually knock on doors of folks asking for money or assistance claiming it is for the victims of the disaster. 
  3. Vishing – the phone scam has definitely increased drastically this year and natural disasters give a very realistic pretext for attacks. 

For those of us that are normal human beings, it is hard to fathom someone using 700+ deaths for self gain, but this is exactly what they do and it works. In 2015 there was over $800 million lost just due to cyber scams according to a report that quoted the FBI. 

What Can You Do? 

There is no 100% fix for this, but there a few things you can do: 

  1. Critically think – does the person on the phone or at your door really represent the charity?  How can you know? Well you may not be able to tell, and a badge or a phone number isn’t enough.  So we suggest if you want to donate, go to the official website, get the phone number and donate via the web or on a phone you know is legitimate. 
  2. Don’t ignore your gut – if your internal sensors make you feel like something is not right, report it. Do not give your bank details and stop the interaction quickly. 

Final note is if you feel you already did something that could have compromised you, call your bank or credit company and put a watch on your account. 

Stay safe. 

The post Natural Disasters and the Social Engineer appeared first on Social-Engineer.Com – Professional Social Engineering Training and Services.

This is a Security Bloggers Network syndicated blog post authored by Amanda. Read the original post at: Social-Engineer.Com – Professional Social Engineering Training and Services