With much of South Texas ravaged by Hurricane Harvey, scammers have blown in to flood social media and email with phishing scams and spoofed Facebook accounts aimed at separating good Samaritans from money intended to help victims of the storm.
“As the tragic events unfold in Southeast Texas, the dark side of the Internet is already coming to life with a wide variety of online scams to trick global web surfers,” Dan Lohrmann, chief security officer at Security Mentor, said. “While there are many good causes that need our immediate support, there have already been reports of both hurricane victims and potential donors receiving misleading information that is attempting to deceive. Sadly, both Texans in trouble and those who want to give from around the world, are falling for relief effort scams.”
Not surprisingly, as in the aftermath of any disaster, many cybercriminals have gone phishing – manipulating users into clicking on links to the Hurricane Relief Fund where they can supposedly make donations to those upended by Harvey. Others have flooded Facebook and Twitter with links that appear to point to charitable websites but actually include spam links or links leading to malware.
US-CERT issued a warning on August 28 telling those who wish to help they should remain vigilant for malicious cyber activity seeking to capitalize on interest in Hurricane Harvey. Users are advised to exercise caution in handling any email with subject line, attachments, or hyperlinks related to Hurricane Harvey, even if it appears to originate from a trusted source.
“As reported during previous natural disasters and global events, phishing is usually the path of least resistance for the bad guys to get the sensitive data they want without being detected. If they can become you, they can slowly steal the data over time and cover their tracks. In phishing, the bait is a clever message and you are the fish. We fall for the phishing bait, because the phishers are masters of disguise. The bad guys play on our emotions and desires and appear to be from trusted sources,” said Lohrmann. “In the case of Hurricane Harvey, watch out for official looking appeals that go to unfamiliar places or web addresses that are a few letters off. Also, don’t give to organizations that are not tax deductible.”
The Better Business Bureau has already noted “crowdfunding appeals of a dubious nature,” and warned in a blog post to “expect to see ‘storm chasers’ looking to make a quick buck off of clean-up efforts.”
SurfWatch Labs also has “observed hundreds of new domains being registered containing ‘harvey,’ many of which will likely be used for scams related to the storm,” company Chief Security Strategist Adam Meyer wrote in a blog.
Spear phishing, which is more targeted and sophisticated, may gain more traction since the messages appear to be from someone known to the potential victim, Lohrmann said.
Jason Kent, CTO at AsTech, stressed the importance of not clicking on any links in an email or social media post. “In almost all cases, if you intend to donate to help out, use a reputable organization that you can research. Go directly to their website. Never click links to their site from anywhere, especially email and social media,” he said. “Be very wary of anyone soliciting donations because oftentimes, these are not legitimate organizations which can lead to potential scams.”
On Friday, when meteorologists were predicting the worst, Todd Hinnen, a partner with Perkins Coie and the former acting assistant attorney general for national security at the Justice Department, warned that critical infrastructure could be at risk and vulnerable to attack. “The operators of critical infrastructures like the power grid practice defense in depth – layered security controls intended to continue to protect the infrastructure even if one or more of them is compromised – and build redundancy into their systems to support business continuity,” said Hinnen. “When a networked system is brought under stress, whether by a hurricane, some other natural event, or a physical attack, however, the risk of compromise is always higher, and the data security experts responsible for protecting those networks must be on high alert to detect and prevent potential compromises or attacks seeking to take advantage of that vulnerability.”