As the peak of the 2017 hurricane season approaches, US-CERT warns users to be watchful for various malicious cyber activity targeting both disaster victims and potential donors with hurricane scams. Users should exercise caution when handling emails that relate to recent hurricanes, even if those emails appear to originate from trusted sources. Disaster-related phishing emails may trick users into sharing sensitive information. Such emails could also contain links or attachments directing users to malware-infected websites. In addition, users should be wary of social media pleas, calls, texts, or door-to-door solicitations relating to the recent hurricanes.
To avoid becoming victims of a hurricane scam, users and administrators should consider taking the following preventive measures:
- Review the information from the Federal Trade Commission (FTC) on Wise Giving in the Wake of Hurricane Harvey.
- Review information from the Federal Bureau of Investigation on Building a Digital Defense Against Charity Fraud.
- Use caution when opening email attachments, and do not click on links in unsolicited email messages. Refer to the US-CERT Security Tip on Using Caution with Email Attachments.
- Refer to US-CERT’s Security Tip on Avoiding Social Engineering and Phishing Attacks.