As the sun returns and the waters begin to mercifully recede in south and east Texas, tens of thousands of Texans victimized by Hurricane Harvey are attempting to get back on their feet following one of the most destructive storms America has ever seen.
To help those folks, fellow Texans – and indeed Americans from all over – are doing what we know to do: offering prayers, support, encouragement and, of course, donations, all in an effort to care for and comfort those in need.
Unfortunately, even as the disaster brings out the best in so many, it brings out the worst in others. In this case in particular, it’s cyber thieves: online attackers and cyber scammers who are using email and social media to try and capitalize on and profit from the generosity of would-be charitable donors.
Figure 1 – US-CERT is warning Harvey charitable donors to be wary of cyberscams
Earlier this week, the United States Computer Emergency Readiness Team (“US-CERT”), a federal organization within the Department of Homeland Security, issued a warning advising email and social media users to be wary of online scams attempting to steal money, email addresses, passwords and other information from those giving in support of Harvey victims.
“US-CERT warns users to remain vigilant for malicious cyber activity seeking to capitalize on interest in Hurricane Harvey. Users are advised to exercise caution in handling any email with subject line, attachments, or hyperlinks related to Hurricane Harvey, even if it appears to originate from a trusted source.” (Source: US-CERT Alert, August 28, 2017).
According to media reports, such cyber scams have already been identified.
Kevin Epstein, vice president of threat operations at cybersecurity firm Proofpoint, told Fortune Magazine that, “in recent days he has seen hurricane-related snares such as ‘see this terrifying video’ or pleas to ‘donate to the relief effort.’
One PDF attachment titled ‘hurricane harvey – nueces county news release 11 – it’s your chance to help.pdf’ prompted people, when opened, to enter their email username and password.” (Source: Fortune, “Scammers Are Exploiting Hurricane Harvey to Dupe Well-Intentioned Folks. Don’t Fall for It.,” by Robert Hackett, August 29, 2017).
Figure 2 – Hurricane Harvey related cyber scams have been identified and are circulating
As disgusting as these unlawful efforts are, they’re hardly new. Similar cyber scams using phishing emails that contain malware-laden web links and other cyber tricks have become commonplace following major events and world disasters, such as September 11, Sandy Hook, national elections and tax season to name a few.
“[D]isasters that attract national attention are often used by scammers to create fake charities and crowdfunding campaigns to rip off people donating to help a worthy cause.” (Source: Money Magazine, “Watch Out for These Charity Scams After Hurricane Harvey,” by Alicia Adamczyk, August 28, 2017).
Many businesses in Texas and across the country have encouraged their employees to give in support of the Harvey recovery effort. Such efforts are admirable, to be sure, but businesses should also help their would-be donor employees to spot cyber scams that are designed to take advantage of their charity.
Awareness campaigns are a good place to start, providing employees with a list of actions they can take to avoid cyber scammers. Such actions might include the following:
- Only give to reputable, well-known charities;
- Avoid charities that have been created in the days or weeks following an event;
- Research charities to see how they will use donated funds, by way of such websites as charitynavigator.org, givewell.org and guidestar.org;
- Don’t use web links in emails to donate, even if the email comes from what appears to be a trusted source;
- Keep antivirus and other software up to date; and,
- Verify if a charity is registered in your state through the National Association of State Charity Officials.
With support, caring, encouragement and charitable giving, our fellow Texans will recover and they will rebuild. But as with all things online, that support and giving has to be done smartly. Responsible, savvy businesses should play their part, and they can do that by empowering their employees with knowledge and cyber awareness, so that the generosity of those employees can prevail.
John Ansbach is the former General Counsel of General Datatech, L.P. a technology solutions systems integrator based in Dallas. TLB readers may contact him at firstname.lastname@example.org and read more of his writings on cybersecurity and technology on his blog at ansbachblog.com.