First, let me say that I hope that all of you in Texas are safe. Second, let me say that I hope all of my readers who want to do something to help the Hurricane Harvey victims are making smart choices. I’m sure you won’t be surprised to hear the scammers and hackers are taking advantage of a natural disaster for their financial gain. Your sense of charity could lead to not only being ripped off, but potentially putting your company’s network at risk.
As Jason Kent, CTO at AsTech, told me in an email comment, we often see phishing activities around these events. Something such as “there is a problem with your donation" or perhaps just a simple URL taking you to a beloved charity (https://donate.un1tedway.com), where there is a typo in the URL you might not catch in the moment. He added:
As we know, anything that grabs media attention can potentially grab your attention as well. This means we tune into things as they are pertinent. This is also bringing out a number of cybercriminals hoping to capitalize on the disaster.
The Department of Homeland Security (DHS) also warned of “malicious cyber activity,” during and in the aftermath of this storm, according to The Hill:
DHS is directing individuals to use caution when opening email attachments, ensure that anti-virus software is updated, and verify the legitimacy of any solicitation they receive via email by contacting the organization.
In addition to phishing email, Dan Lohrmann, chief security officer at Security Mentor, reminded me that hackers will use social engineering tactics to complete an attack. A popular method involves social media, adding:
Watch out for Facebook pages or bogus “Go Fund Me” accounts that try to attract emotional support with pictures. They typically will use actual disaster photos from the storm to make them look official. The best advice is to give to the Red Cross using well-known and trusted channels. Also be aware that personal appeals for money on crowdsourcing sites typically are not tax deductible, unlike the American Red Cross and Salvation Army.
I debated posting about these warnings today because I would hope by now we understand that hackers take advantage of the biggest stories in the news. But I remembered recent research that mentioned that 30 percent of users can’t recognize a phishing email. Right now, emotions are running high and many of your employees want to help out those who are suffering. That’s laudable. But if they can’t recognize a phishing email, the risk is that your company will become a victim of a cyberattack.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba