The physical damage from Tropical Storm Harvey is expected to spread further in the coming week as the storm continues to move along the Gulf Coast. At least 10 people in Texas have been killed related to the storm, local officials said, and the continuing rainfall could total as much as 50 inches in some areas by the end of the week. On Monday, a day after Louisiana Gov. John Bel Edwards called on the federal government for assistance, President Donald Trump declared a state of emergency in Louisiana. Texas Gov. Greg Abbot described the storm as “one of the largest disasters America has ever faced,” and FEMA administrator Brock Long said the agency is gearing up for the years-long recovery process that will follow.
Naturally, people want to help the victims with that recovery process, and scammers are already capitalizing on that goodwill to defraud individuals and carry out other malicious activity, several agencies have warned.
The Better Business Bureau said it has already seen sketchy crowdfunding efforts and expects the coming months to see the usual flood of “storm chasers” — ranging from legitimate contractors looking for business to scammers attempting to take advantage of those who’ve already been victimized by the storm. In addition, US-CERT is warning users “to remain vigilant for malicious cyber activity seeking to capitalize on interest in Hurricane Harvey.”
SurfWatch Labs also noted in a recent customer alert that we have observed hundreds of new domains being registered containing “harvey,” many of which will likely be used for scams related to the storm.
Scams following national disasters like Harvey have come to be the norm, as malicious actors will attempt to exploit any event or news story that grabs the collective consciousness of a large group of people. For example, researchers recently discovered that the Chinese group APT 17 was leveraging the popularity of Game of Thrones in spear phishing emails designed to infect their targets with malware by teasing potential victims with the headline, “Wanna see the Game of Thrones in advance?”
Similar attack vectors leveraging users’ natural curiosity tend to follow nearly every major news story; however, with natural disasters people are more willing to hand over their payment information and make a donation, so there is more profit — and more incentive — for fraudsters to capitalize on such events. These attack vectors include:
- email phishing designed to steal personal and financial information;
- fake websites and crowdfunding pages impersonating legitimate charities;
- in-person and phone scammers, such as fake contractors or government officials that offer services or aid with no intention of following through;
- and social media posts designed to entice users to either visit a malicious site, download malware, provide personal information, or perform acts that will earn the fraudster money.
With the National Weather Service describing Harvey as “unprecedented” and “beyond anything experienced,” it is likely that relief efforts will continue for years into the future. As SurfWatch Labs noted after Hurricane Matthew, those who wish to help or are seeking aid should be cautious about who they provide information to in order to avoid falling victim to these social engineering scams. Some tips include:
- Never click on links or open attachments unless you know who sent it and what it is. Malicious email attachments and links are among the most common ways for cybercriminals to spread malware and steal information.
- Never reply to emails, text messages, or pop-ups that ask for personal information.
- Cybercriminals may use a combination of fraudulent emails and phone numbers to increase their appearance of authority. Always verify that communication is valid by contacting the organization directly before providing any sensitive information.
- If donating to a charity, make sure it is one you know and trust. The FTC recommends checking out charities via the Better Business Bureau’s (BBB) Wise Giving Alliance, Charity Navigator, Charity Watch or GuideStar.
This is a Security Bloggers Network syndicated blog post authored by Adam Meyer. Read the original post at: SurfWatch Labs, Inc.