Hurricane Charity Frauds Continue to Proliferate
By Stu Sjouwerman, CEO KnowBe4
Hurricane Harvey hit Texas hard and with it, out came the scammers. The low lifes were expected to exploit the event and even the US-CERT (Computer Emergency Readiness Team) issued an alert warning of potential phishing scams.
The bad guys are using the hurricane disasters to trick people in clicking on links, on Facebook, Twitter and through phishing emails attempting to solicit charitable giving for the flood victims. Here are a few examples:
- Facebook pages dedicated to victim relief contain links to scam websites.
- Tweets are going out with links to charitable websites soliciting donations, but in reality, included spam links or links that lead to a malware infection.
- Phishing emails dropping in a user's inbox asking for donations to #HurricaneHarvey Relief Fund.
Using events like Hurricane Harvey as a platform for a multitude of funky websites to orchestrate clever schemes is not new. Previous disasters have been exploited like this, and the bad guys are going at it again will all guns blazing. Be wary of anything online covering the Hurricane Harvey or Irma disaster in the following weeks.
The latest is another suspicious hurricane relief related email. The email and accompanying website (Harveydisasterrelief.com) look professional, but there is precious little info on who is behind this organization and how the money they collect will be used. Moreover, the domain for the website harveydisasterrelief.com was anonymously registered on 8-25-2017 through Domains by Proxy.
A quick Google search on the domain turns up some search results, but all are from Google's own crawl of the site -- not other sites linking to it.
In short, this web site and underlying organization behind it warrant zero trust.
Another example is an email received by KnowBe4 through its Phish Alert Button, a plug in it offers to organizations for no charge.
The From: line indicates the email hails from Info@redcross.us (which does belong to the Red Cross) but the Reply To: points to email@example.com. That domain has been associated with all kinds of online scams:
Strangely, the signature block lists the organization allegedly behind this email as being based in Houston, yet the provided phone number is a (727) number -- Clearwater/St. Petersburg. Also, there is no link included. Apparently, willing dupes are expected to reply to the email or call the number.
With the largest hurricane ever to hit the Atlantic following in Harvey's wake, Irma is sure to generate a plethora of new schemers out to make a buck by taking advantage of generous but uneducated people who may not know how to recognize a realistic phish or social media pitch. Such a scam might also be used to get people to click on a link that could lead to something more harmful.
Remember, don't feed the fraud and think before you click.