Phishers Plumb the Depths of Hurricane Harvey's Floods

As the United States reels from the effects of Hurricane Harvey—a devastation that as of this writing is far from being over—cyber-criminals are bringing a flood of their own, in the form of phishing and scam attempts. Don’t be afraid to donate—but do your homework first.

Looking to capitalize on the goodwill of people wanting to help the victims in Houston and the Gulf Coast, bad actors have registered hundreds of new domains containing the term “Harvey.”

SurfWatch Labs noted in a blog that these domains are being used to send phishing emails with bogus donation lures; set up fake websites and crowdfunding pages; and support in-person and telephone “giving” scams, social media posts and more.

Meanwhile, US-CERT is warning users “to remain vigilant for malicious cyber-activity seeking to capitalize on interest in Hurricane Harvey.”

Dan Lohrmann, chief security officer at Security Mentor, offered Infosecurity the following advice to avoid being scammed: “Watch out for Facebook pages or bogus ‘Go Fund Me’ accounts that try to attract emotional support with pictures,” he said. “They typically will use actual disaster photos from the storm to make them look official. The best advice is to give to the Red Cross using well-known and trusted channels. Also, be aware that personal appeals for money on crowdsourcing sites typically are not tax deductible, unlike the American Red Cross and Salvation Army.”

SurfWatch noted that tips to prevent falling victim to Harvey phishing attempts include the usual protections: Never click on links or open attachments unless you know who sent them and what they are; never reply to emails, text messages or pop-ups that ask for personal information; and always verify that a communication is valid by contacting the organization directly before providing any sensitive information.

Importantly, don’t let the fear of cyberattack dissuade giving.

“We all want to be sure that our donations actually go to the people, and charities who need them,” Steve Durbin, managing director of the Information Security Forum, said via email. “Just be sure you pay close attention to who you are donating to so that you don’t end up becoming another victim.”

The support is greatly needed: President Trump has declared a federal state of emergency for both Texas and Louisiana, as Harvey leaves tens of thousands evacuated from their (likely destroyed) homes along the Gulf Coast. In Houston, the fourth largest city in the US, catastrophic flooding continues as the waters continue to rise, and search and rescue operations are struggling to keep up with those stranded and in danger. Meanwhile, Harvey has made its way back out to sea, is strengthening, and is expected to soon make another landfall in Louisiana.

In the United States, you can donate $10 to the American Red Cross by texting “Harvey” to 90999. Other verified sources for charitable giving for the relief effort can be found here, and people can review the Better Business Bureau Charity Report to verify that a charity meets bureau standards for accountability. The FTC also recommends checking out charities via the Better Business Bureau’s Wise Giving Alliance, Charity Navigator, Charity Watch or GuideStar.
