Security Awareness: Watch-Out for Hurricane Harvey Online Scams

Monday, August 28, 2017

Dan Lohrmann


As the tragic events continue to unfold in Southeast Texas, the dark side of the Internet is already coming to life with a wide variety of online scams to trick global web surfers.

While there are many good causes that need our immediate support, there have already been reports of both hurricane victims and potential donors receiving misleading information that is attempting to deceive. Sadly, both Texans in trouble and those who want to give from around the world, are falling for relief effort scams.

Numerous media sites posted a toll free number to call if you were in a state of emergency. However, the number called is for an insurance group.

Meanwhile, all across the country, warning bells are sounding about scammers trying to trick people into giving to fake accounts. For example, the Office of the Indiana Attorney General’s Consumer Protection Division is warning Hoosiers to be vigilant in giving.

What Can You Do?

The Better Business Bureau is advising donors to be wary of these techniques which should set off alarm bells:

1. Don't fall for copycats.

2. Be wary of emails and social media.

3. Don't provide personal information.

4. Do your homework. Visit give.orgto review the BBB Charity Report and to verify that a charity meets bureau standards for accountability.

5. High pressure.Be leery of a charity that insists on immediate relief help. Legitimate charities will be glad to accept a donation later on.

Also watch-out for Facebook pages or bogus “Go Fund Me” accounts that try to attract emotional support with pictures. They typically will use actual disaster photos from the storm to make them look official.

The best advice I have is to give to the Red Cross using well-known and trusted channels. To contribute to the Red Cross, you can simply text the word HARVEY to 90999 on your cellphone.  Or visit their website,,to donate by credit card.

Additionally, be aware that personal appeals for money on crowdsourcing sites typically are not tax deductible, unlike the American Red Cross and Salvation Army.

Phishing Scams

As reported during previous natural disasters and global events, phishing is usually the path of least resistance for the bad guys to get the sensitive data they want without being detected. If they can become you, they can slowly steal the data over time and cover their tracks.  In phishing, the bait is a clever message and you are the fish. We fall for the phishing bait, because the phishers are masters of disguise. The bad guys play on our emotions and desires and appear to be from trusted sources.

In the case of Hurricane Harvey, watch for official looking appeals that go to unfamiliar places or web addresses that are a few letters off. Also, don’t donate to organizations that are not tax deductible.

Spear phishing is similar to phishing, except the attack is more targeted, sophisticated and often appears to be from someone you know such as a company colleague, your bank, a family member or a friend. The message may include personal information like your name, where you work, and perhaps even a phone number or other related personal information.

During a crisis, you may receive items forwarded to you from friends or family. However, don’t just assume that all is well. Check the details of where they are asking you to donate or what links you are clicking on.

Finally, understand that this scamming trend is not new and not going away. As Trend Micro pointed out several years ago, cybercriminals have time on their side and are just waiting for you to let your guard down. If you don’t fall for tricks surrounding this natural disaster, sadly, another major event is most likely just around the corner. Be prepared!

Possibly Related Articles:
Infosec Island Budgets Enterprise Security Policy Security Awareness Security Training
scam Hurricane
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.