Tragic-Event-Related Scams Advisory
Description
In the wake of tragic events (Earth Quakes, Hurricanes, etc.), please be aware of the need to be watchful for various malicious cyber activity targeting both victims and potential donors. Users should exercise caution when handling emails that relate to the event, even if those emails appear to originate from trusted sources.
Impact
Event-related phishing emails may trick users into sharing sensitive information. Such emails could also contain links or attachments directing users to malware-infected websites. In addition, users should be wary of social media pleas, calls, texts, fraudulent donation websites, and door-to-door solicitations relating to the recent tragic event.
Donations or user credentials may be stolen.
Resolution
To avoid becoming victims of fraudulent activity, users and administrators should consider taking the following preventive measures:
- Completing information security awareness training.
- Do not click on links in emails, or enter credentials from unknown or untrusted sources. Please see phishing guidelines.
Resources
Please review the external resources provided with respect to event related scams:
- Review information from the Federal Trade Commission on Charity Giving, which includes links to check if charity organizations are legitimate.
- Review information from the Federal Bureau of Investigation on Building a Digital Defense Against Charity Fraud.
- Use caution when opening email attachments, and do not click on links in unsolicited email messages. Refer to the US-CERT Tip on Using Caution with Email Attachments.
- Refer to US-CERT's Tip on Avoiding Social Engineering and Phishing Attacks.