Tragic-Event-Related Scams Advisory

In the wake of tragic events (Earth Quakes, Hurricanes, etc.), please be aware of the need to be watchful for various malicious cyber activity targeting both victims and potential donors. Users should exercise caution when handling emails that relate to the event, even if those emails appear to originate from trusted sources. 

Event-related phishing emails may trick users into sharing sensitive information. Such emails could also contain links or attachments directing users to malware-infected websites. In addition, users should be wary of social media pleas, calls, texts, fraudulent donation websites, and door-to-door solicitations relating to the recent tragic event.

Donations or user credentials may be stolen.

To avoid becoming victims of fraudulent activity, users and administrators should consider taking the following preventive measures:

• Completing information security awareness training.
• Do not click on links in emails, or enter credentials from unknown or untrusted sources.  Please see phishing guidelines.

Please review the external resources provided with respect to event related scams:

• Review information from the Federal Trade Commission on Charity Giving, which includes links to check if charity organizations are legitimate.
• Review information from the Federal Bureau of Investigation on Building a Digital Defense Against Charity Fraud.
• Use caution when opening email attachments, and do not click on links in unsolicited email messages. Refer to the US-CERT Tip on Using Caution with Email Attachments.
• Refer to US-CERT's Tip on Avoiding Social Engineering and Phishing Attacks.