Aug 30, 2017 | By Stone Tillotson
The United States Computer Emergency Readiness Team, or US-CERT, issued an advisory on August 28th, 2017 about phishers and scammers seeking to capitalize on the Hurricane Harvey disaster. US-CERT expects to see a wave of emails playing to the compassion for victims and curiosity about the event to stage charity scams and phishing attacks. As earlier bulletins from both US-CERT and others in the cybersecurity industry have noted, attackers are always willing to exploit a crisis. US-CERT advises caution in opening with unsolicited emails and active skepticism regarding charitable donations.
IISP Analyst Stone Tillotson: "Hurricane Harvey is likely to be joining a maddening list of those tragedies and crises the selfish are willing to exploit. The Indonesian Tsunami of 2004, Hurricane Katrina, the Sichuan Earthquake of 2008, ad nauseaum, all served as flashpoints for scams and attempted exploits. Tragically, the worse the disaster and the more intense our interest, the more effectively attackers and fraudsters are able to lure victims. What's to do when our compassion is our weakness? Slow down. Disasters and a desire to help energize us, but that energy needs to be managed to be helpful. Donations of money or goods will take time to make their way to those who need them, so slowing down and giving wisely is helpful, much as slowing down and acting deliberately is helpful in any security context. Con artists and attackers are adept at exploiting a sense of urgency. By giving ourselves time to think through our decisions, we can help those who need it, and ensure our online banking credentials aren't the next source of a crisis."
For further reading
- US-CERT: Potential Harvey Phishing Scams: https://www.us-cert.gov/ncas/current-activity/2017/08/28/Potential-Hurricane-Harvey-Phishing-Scams
- US-CERT Tips: https://www.us-cert.gov/ncas/tips/ST04-014
- Federal Trade Commission: https://www.consumer.ftc.gov/blog/2017/08/wise-giving-wake-hurricane-harvey