SecurityWeek

Cybercrime

Victimized Twice: Cyber Criminals Target Natural Disasters

In the aftermath of recent fires in California, Spain and Portugal, hurricanes in Texas, Florida, and Puerto Rico, and recent earthquakes in Mexico and on the Iran-Iraq border, there has been a global uptick in the number of phishing scams aimed at stealing personal data and money. Unfortunately, when disaster strikes, cyber criminals are always right behind, ready to apply social engineering techniques to take advantage of both the victims and the people wishing to help.

Broken Routines and Urgency Lay the Foundation

In these devastating situations, victims are obviously out of their routines and under pressure. Donors may be viewing the disaster’s impact live on television or on the internet, or even be in communication with friends and family in the area. Both victims and donors have their defenses down.

Using social media, email and even web browser searches, criminals can focus their attacks through every possible channel. Seemingly relevant social media posts on Twitter and Facebook may include malicious URLs that link back to a phishing site. Criminals will even go so far as to set up fake Facebook pages dedicated to supposed victims of natural disasters. The pages may host links to crowdfunding sites where donations can be made (and collected by the criminal); or contain malicious links to phishing and malware sites.

Criminals also send emails containing content on how to offer or receive help during a natural disaster, along with malicious links. Cyren has even found phishing URLs within the results of a Google search on natural disasters. In all these instances, victims click the malicious links and are taken to fake websites the criminals have set up to ostensibly collect donations, where the victim may enter all manner of financial and personal data, from their credit card information to their name, email address, and phone number.

Disaster Warnings — Before and After

In case you missed it, the amount of cybercrime in the wake of all these natural disasters has been growing to such an extent that the US Federal Trade Commission, the Federal Emergency Management Agency, and US-CERT all recently issued alerts on scams associated with recent natural disasters, calling out specific disasters with guidance such as “exercise caution in handling any email with subject line, attachments, or hyperlinks related to Hurricane Harvey….”

Most recently, as California wine country residents continue to sift through the remains of their homes and businesses, fake crowdfunding sites have appeared soliciting donations from unsuspecting but empathetic contributors. Right on cue, FEMA announced that they’ve detected thousands of fraudulent claims for disaster assistance from scammers impersonating legitimate victims.

Don’t Trust. Verify!

To avoid becoming the victim of a cyber-scam, the first step, beyond your automated security controls, is to trust only well-known and reputable charitable entities. If you are not familiar with the charity or its website address and have no way to verify its authenticity, look for an alternative, better-known option for assistance or for your donation.

Having said that, relying on the presence of a brand name can also get you into trouble. We pulled a sample of four million phishing URLs and quantified the tendency to spoof well-known websites. Nearly 20 percent of the URLs were for spoofed websites of just 11 brands. Amazon, eBay, Apple, Google, and PayPal were, unsurprisingly, among them, but so were less obvious payment sites such as ICS Cards and the Canadian Imperial Bank of Commerce. Disaster-related scams follow the same principle.

This leads to the second step: if you are going to get or give assistance, avoid clicking on links sent via email or posted on social media, even if the link appears to reference a well-known charitable organization. Instead, type the web address (for example, that of the Red Cross or UNICEF) directly into your browser.
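The brand-spoofing pattern described above, as an added example that is not from the article or from Cyren: a small Python triage check that flags URLs whose hostname contains a well-known brand name but whose registrable domain is not that brand's own. The brand table, the `.example` sample URLs and the naive two-label domain heuristic are constructed assumptions for illustration.

```python
"""Triage check for brand-name spoofing in URL hostnames.

Constructed example: the brand/domain table and the sample URLs below are
assumptions made up for this illustration, not data from the article.
"""
from typing import Dict, List
from urllib.parse import urlsplit

# Assumed allow-list of each brand's legitimate registrable domain(s).
BRAND_DOMAINS: Dict[str, set] = {
    "amazon": {"amazon.com"},
    "ebay": {"ebay.com"},
    "apple": {"apple.com"},
    "google": {"google.com"},
    "paypal": {"paypal.com"},
    "redcross": {"redcross.org"},
}

def registrable_domain(host: str) -> str:
    """Last two labels of the hostname. Naive on purpose: a production
    check should consult the public suffix list (e.g. co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()

def spoofed_brands(url: str) -> List[str]:
    """Brands whose name appears anywhere in the hostname while the
    registrable domain is not one of that brand's legitimate domains.
    Substring matching is deliberately broad: this is a triage signal
    for analyst review, not a verdict."""
    host = (urlsplit(url).hostname or "").lower()
    squashed = host.replace("-", "")      # catch red-cross-help.example
    reg = registrable_domain(host)
    return [b for b, legit in BRAND_DOMAINS.items()
            if b in squashed and reg not in legit]

# Constructed sample URLs (.example is reserved and never resolves).
SAMPLE_URLS = [
    "https://www.paypal.com/donate",                    # legitimate
    "https://paypal.com.secure-verify.example/login",   # brand as subdomain
    "http://amazon-relief-fund.example/hurricane",      # brand in host label
    "https://donate.redcross.org/",                     # legitimate
    "https://red-cross-harvey-help.example/give",       # hyphenated spoof
    "https://storm-updates.example/news",               # no brand at all
]

def triage(urls: List[str]) -> Dict[str, List[str]]:
    """Map each suspicious URL to the brands it appears to impersonate."""
    return {u: hits for u in urls if (hits := spoofed_brands(u))}

if __name__ == "__main__":
    for url, brands in triage(SAMPLE_URLS).items():
        print(f"{url} -> spoofs {', '.join(brands)}")
```

The legitimate PayPal and Red Cross URLs pass because the brand name is the registrable domain itself; the three `.example` hosts are flagged because the brand only appears as a subdomain or a hyphenated label.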

Nothing Is Sacred

Basically, you need to assume that every natural disaster or public tragedy is being leveraged in a phishing scam somewhere. Phishing is on a dramatic upswing, and in surveys is cited repeatedly by IT managers as one of their top two security concerns (along with ransomware). Over the past 12 months, the number of active, malicious phishing URLs Cyren’s security cloud is monitoring has nearly doubled, from 5.4 million to 10.6 million.
