Leave it to cyber criminals to use something as disastrous as Hurricane Harvey to make a buck.
US-CERT under the Department of Homeland Security issued a warning on Monday against malicious online activity related to the hurricane.
Phishing attacks that feed off fake charity sites and donations are common during these types of events.
“As reported during previous natural disasters and global events, phishing is typically the path of least resistance for bad guys to get the sensitive data they want without being detected," says Dan Lohrmann, Chief Security Officer at Security Mentor.
"In the case of Hurricane Harvey, watch out for official looking appeals that go to unfamiliar places or web addresses that are a few letters off. Also, don’t give to organizations that are not tax deductible," he adds.
Cyber criminals can also use spear phishing campaigns tailored to current events to get your money or personal information.
"During a crisis, you may get items forwarded to you from friends or family, but don’t just assume that all is well. Check the details of where they are asking you to donate or what links you are clicking on," Lohrmann says.
Attackers can easily look on social media to see who you might know in the disaster area, and then use a spoofed email from "them" to contact you asking for money, information, or attach malicious links or files.
Jason Kent, CTO at AsTech, says, “As we know, anything that grabs media attention can potentially grab your attention as well. This means we tune into things as they are pertinent. Something that is grabbing quite a bit of attention right now is the hurricane and flooding it is bringing. This is also bringing out a number of cyber criminals hoping to capitalize on the disaster."
We at SecureWorld stand by our peers in Houston. Our thoughts are with you.
Image Credit: NOAA's Environmental Visualization Laboratory
