The United States Computer Emergency Readiness Team (US-CERT) sent out an email warning users of Hurricane Matthew phishing scams. US-CERT wants users to, “exercise caution in handling any email with subject line, attachments, or hyperlinks related to Hurricane Matthew, even if it appears to originate from a trusted source.” Although no specific organizations or email addresses were named, US-CERT warns that phishing scams are common after natural disasters.
For those who don’t know, phishing scams are when an individual or a group of individuals try and solicit money or personal information from unsuspecting victims. This is commonly done through email, where the perpetrator(s) will pose as a legitimate organization or source in order to get users to click on a fraudulent link.
That link, which often times leads to a website that appears 100% legitimate, will ask the user to fill out their personal information, including: name, phone number, address, birth date, and sometimes even payment information. Other times, that link may have spyware attached, which can transmit information from the user’s computer to that of the perpetrator’s.
In order to protect against these scams, US-CERT recommends users take the following actions:
- Make sure antivirus software is up-to-date
- Don’t click on suspicious links
- Don’t open email attachments unless you know who it is coming from
- Review US-CERT’s “Avoiding Social Engineering and Phishing Attacks”
- Read the Federal Trade Commission’s “Charity Scams” page
- Contact the organization or source directly if you’re unsure of an email you received from them
While it’s unfortunate that there are people who use natural disasters as an opportunity to take advantage of others, it’s important to understand that it happens, and it happens often. According to Verizon’s 2016 Data Breach Investigations Report, 30% of phishing emails get opened. These criminals are smart, but users have to be even smarter in order to avoid being a victim. That’s why it’s very important for users to follow the tips provided by the US-CERT.