Cyber Thieves Thrive During Natural Disasters

What better time to exploit the kindness of well-meaning people who want to help victims than during natural disasters? From massive forest fires in California to devastating hurricanes in the Carolinas, cybercriminals are waiting in the wings to take your money or stealing sensitive information. Let’s look this week at common ways criminals take advantage of us during vulnerable times.

Increase in Malicious Domain Names

During and after natural disasters, criminals take advantage of people eager to help victims by creating and registering domain names that will encourage you to donate. A security company recently found that, with the onset of Hurricane Florence, there were 137 new domain names involving words like “charity,” “compensation,” and “relief.” Most of these domains are related to a “charity” and each appears legitimate, complete with “Donate” buttons, tricking victims into giving money and providing private, sensitive information. How do cyber thieves attract duped users to their website? Some may be found through a search engine, but many times email lists are used to send phishing emails.

Rise in Phishing Emails

In response to Hurricane Florence, the National Cybersecurity and Communications Integration Center (NCCIC) issued a warning to be on the lookout for suspicious emails. These fraudulent emails may contain links or attachments that lead to malicious websites. The NCCIC recommends paying attention to the subject line of all hurricane related emails, attachments, or links and to pay attention to the URL of any website asking for sensitive information or money. Scams have also been spotted through social media outlets and through unsolicited texts.

Be wary of any websites that include the actual name of a natural disaster. For instance, www.hurricaneflorencedonation.com.

Pay attention to the subject line of emails. If they are related to a recent natural disaster like a hurricane, your guard should be up.

If the email contains attachments or hyperlinks related to a recent event, do not open it even if it appears to originate from a trusted source. Verify the legitimacy of any email solicitation by contacting the organization directly through a trusted contact number.

Stick with donating to well-known charities to avoid being duped. Check the BBB National Charity Report Index to ensure the charity is legitimate or  donate through the American Red Cross www.redcross.org/Hurricane/Florence‎

Review our blog on different types of phishing scams and how to spot phishing emails

Keep anti-virus software up to date, and make sure you have enacted the anti-phishing software furnished by your email provider.

Plan for Disasters

If you own a business, hopefully, you have created a Disaster Recovery Plan. The plan describes how an organization plans to handle potential disasters, and enable you to quickly get your business functioning again. HIPAA requires your organization to have a fully developed and tested Disaster Recovery Plan.

Review these nine steps to create a Disaster Recovery Plan:

  1. Designate your primary crisis managers
  2. List employees and their emergency contact information
  3. Identify major clients’ contact information
  4. Keep a record of vital financial relationships
  5. Create an inventory all electronic devices
  6. Design an evacuation plan based on disaster type
  7. Determine who is in charge of restoring the network
  8. Create a potential purchase list
  9. Estimate disaster recovery times

For more information on creating your Disaster Recovery Plan, see our previously posted blog.

While natural disasters are imminent, so are criminals who are poised and ready to exploit people who want to help during times others are suffering. Don’t rush to donate to any entity online without validating them first, and ensure you have a Disaster Recovery Plan in place.

  1. https://securitytrails.com/blog/malicious-domains-registered-in-wake-of-hurricane-florence
  2. https://www.scmagazine.com/home/news/cyber-scammers-using-hurricane-florence-as-a-hook-for-malicious-emails/