Cyber Threats Amid Disaster: California Fires Spark New Phishing Scams

As California grapples with devastating wildfires, communities rally to protect lives and property. Unfortunately, these disasters also serve as fertile ground for cybercriminals seeking to exploit chaos and uncertainty. The Veriti Research team has identified alarming trends in phishing scams linked to the ongoing disaster, highlighting the need for heightened cybersecurity awareness during these vulnerable times.

Key Findings from Veriti Research

1. Emergence of Suspicious Domains In just 72 hours, Veriti Research identified multiple newly registered domains linked to the California fires. These domains include:

• malibu-fire[.]com
• fire-relief[.]com
• Calfirerestoration[.]store
• fire-evacuation-service[.]com
• Lacountyfirerebuildpermits[.]com
• Pacificpalisadesrecovery[.]com
• boca-on-fire[.]com
• palisades-fire[.]com
• palisadesfirecoverage[.]com

We can see in the above list few topics that might be use by the attackers: California Restoration, Re-build Permits, Fire coverage and more.

These domains exhibit patterns typical of phishing campaigns. Some aim to mimic official services like fire evacuation assistance, while others target specific localities, such as Malibu and Pacific Palisades. Early indications suggest these sites are being prepared to host fraudulent activities, including phishing attacks, fake donation requests, and malicious downloads.

2. Tactics Used by Hackers Hackers often capitalize on disaster-related fears and uncertainties. In this case, they are:

• Registering domains with names that resemble legitimate services or agencies.
• Using these domains to distribute phishing emails, urging users to click on fraudulent links.
• Employing social engineering techniques to create a sense of urgency, such as fake donation drives or critical safety alerts.

One example is a subdomain suggesting a phishing attempt designed to lure victims under the guise of fire-related assistance. Such tactics prey on people’s goodwill and desire to support recovery efforts.

Veriti’s research has not yet identified email campaigns utilizing these phishing domains. However, we are monitoring them daily to ensure timely reporting.

Hackers understand that individuals in or near affected areas are more likely to interact with what seems like a relevant resource, making these attacks more effective.

The California wildfires underscore the dual tragedy of natural disasters and cyber exploitation. As hackers continue to refine their techniques, awareness and vigilance are critical in preventing against their attacks. By understanding the methods and tools used by cybercriminals, individuals and organizations can take proactive steps to minimize the risks. 

The Veriti Research team remains committed to uncovering and neutralizing such threats, empowering communities to focus on recovery without the added burden of cybercrime.