Cyber Thieves Thrive During Natural Disasters
August 18, 2020
What better time to exploit the kindness of well-meaning people who want to help victims than during natural disasters? Cybercriminals are waiting in the wings to take your money or steal sensitive information. After events like the California wildfires or hurricanes in the Carolinas, generous people who want to give are at risk. Let’s look this week at common ways criminals take advantage of us during vulnerable times.
Increase in Malicious Domain Names
During and after natural disasters, criminals take advantage of people eager to help victims. They create and register domain names that will encourage you to donate. A security company recently found that following Hurricane Florence, there were 137 new domain names involving words like “charity,” “compensation,” and “relief.” Most of these are related to a “charity.” Each appears legitimate, complete with “Donate” buttons, tricking victims into giving money and providing private, sensitive information. How do cyber thieves attract duped users to their website? Some may be found through a search engine, but many times email lists are used to send phishing emails.
Rise in Phishing Emails
Following Hurricane Florence, the National Cybersecurity and Communications Integration Center (NCCIC) issued a warning to be on the lookout for suspicious emails. These fraudulent emails may contain links or attachments that lead to malicious websites. The NCCIC recommends paying attention to the subject line of all hurricane-related emails, attachments, or links and to pay attention to the URL of any website asking for sensitive information or money. Additionally, scams have been spotted on social media outlets and through unsolicited texts.
Firstly, be wary of any websites that include the actual name of a natural disaster. For instance, www.hurricaneflorencedonation.com.
Pay attention to the subject line of emails. If they are related to a recent natural disaster like a hurricane, your guard should be up.
Do not open emails containing attachment or hyperlinks related to recent natural disasters. Even if it appears to have originated from a trusted source, it is likely a scam. Verify the legitimacy of any email solicitation by contacting the organization directly through a trusted contact number.
Stick with donating to well-known charities to avoid being duped. Check the BBB National Charity Report Index to ensure the charity is legitimate or donate through the American Red Cross www.redcross.org/Hurricane/Florence
Review our blog on different types of phishing scams and how to spot phishing emails
Lastly, keep anti-virus software up to date, and make sure you have enacted the anti-phishing software furnished by your email provider.
Plan for Natural Disasters
If you own a business, hopefully, you have created a Disaster Recovery Plan. The plan describes how an organization plans to handle potential natural disasters. Chiefly, it enables you to quickly get your business functioning again. HIPAA requires your organization to have a fully developed and tested Disaster Recovery Plan.
Review these nine steps to create a Disaster Recovery Plan:
- Designate your primary crisis managers
- List employees and their emergency contact information
- Identify major clients’ contact information
- Keep a record of vital financial relationships
- Create an inventory of all electronic devices
- Design an evacuation plan based on disaster type
- Determine who is in charge of restoring the network
- Create a potential purchase list
- Estimate disaster recovery times
For more information on creating your Disaster Recovery Plan, see our previously posted blog.
To summarize, natural disasters are imminent, and so are criminals who are poised and ready to exploit people who want to help. Don’t rush to donate to any entity online without validating them first, and ensure you have a Disaster Recovery Plan in place.
August 3, 2020
In October 2017, the National Association of Insurance Commissioners (NAIC) established an Insurance Data Security Model Law and released it to states for legislative consideration. They used New York’s Cybersecurity… Read More ›Read More