Don’t be fooled by Hurricane Matthew phishing attacks
For cybercriminals, flooded streets mean it’s time to go phishing.
When Hurricane Matthew blasted through the southeast, it brought all kinds of trouble, as major storms do. As if the destroyed homes and massive flooding were not enough, natural disasters tend also to attract internet fraudsters, who seek to exploit the turmoil to line their pockets.
Individuals and companies looking to provide hurricane relief may be more vulnerable to phishing scams—especially ones that mention the disaster or ask for some sort of donation.
Phishing is an effort to induce victims to reveal sensitive information such as passwords or credit card numbers by sending them an email (or other form of online communication) that fraudulently claims to be from a trustworthy source. For example, an unlucky North Carolina resident might open up an email that seems to come from a non-profit providing food, shelter and comfort to families devastated by Hurricane Matthew, suggesting that the customer needs to enter confidential information such as a credit card number. Simply click the link below, the email prompts, and you’ll be done in no time.
Phishing messages may:
- Request donations or financial support
- Claim breaking news about weather conditions, power outages, or road/bridge closures
- Have attachments, links, videos or images of the impacted areas
- Take advantage of pre-filled form data to get usernames, email addresses and more
- Demand urgent action or response
- Prompt recipients to install malware
The South Carolina Governor’s office reported a fraudulent email asking residents to click on links to get updates about power outages. Recipients who took the bait were unknowingly granting hackers access to their computer and all its sensitive information.
It’s not just for hurricane season. Phishing happens all the time, and it’s getting worse. The Anti-Phishing Working Group (APWG) reported that the number of phishing websites it detected jumped a startling 250 percent between October 2015 and March 2016.
We advise our clients to be aware of and wary about the threat of phishing scams. For additional information on phishing techniques, check out Phishing.org.