• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Scammers Begin Phishing in Hurricane Harvey Floodwaters

August 29, 2017 By The Editor

On August 24, Tropical Storm Harvey turned into Hurricane Harvey and made landfall near Rockport, Texas. It caused catastrophic flooding in the greater Houston area, killed at least 16 people, and could result in close to $60 billion in economic losses. While thousands flock to help the victims of the storm, cybercriminals are spinning into action, trying to fleece sympathetic Americans with phishing campaigns.

As reported by SC Magazine, cybercriminals are manipulating users to click on fraudulent Hurricane Relief Fund links. These fake links have been seen all over Facebook and Twitter and not only take users to bogus funds, but can also lead to malware sites. US-CERT issued a warning yesterday advising those that want to help:

“Remain vigilant for malicious cyber activity seeking to capitalize on interest in Hurricane Harvey. Users are advised to exercise caution in handling any email with subject line, attachments, or hyperlinks related to Hurricane Harvey, even if it appears to originate from a trusted source. Fraudulent emails will often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from duplicitous charitable organizations commonly appear after major natural disasters.”

Spear phishing attacks, a more targeted practice of sending emails that appear to be from a known or trusted source in order to induce clicking, are also expected to ramp up around hurricane relief efforts. Meaning those interested in helping relief efforts should be even more skeptical when reviewing incoming emails. Be on the lookout for bad grammar, links that don’t match branded web domains and other red flags associated with phishing campaigns.

For organizations looking to support the relief efforts, be sure to remind employees about the risks and dangers associated with phishing campaigns. Teach your users about the hazards of clicking on suspect email attachment files and embedded hypertext and web links.

Want to take your anti-phishing training to the next level? Learn how to educate your workforce about phishing and train them to identify these attacks in this Dark Reading article from WatchGuard’s CTO, Corey Nachreiner. To learn how WatchGuard turned the tables and hooked a spear phisher, check out this Secplicity blog post.

Share This:

Related

Filed Under: Editorial Articles, Featured Tagged With: Phishing

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
  • US National Cybersecurity Strategy
  • Here Come The Regulations
  • An Update on Section 230

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • 3CX Supply Chain Attack
  • The NSA’s Guidance on Securing Authentication
  • Cybersecurity News: LastPass Incident Revealed, White House Issues Cybersecurity Strategy, FBI Purchases Leaked USHOR PII Data, and a Slew of Other Breaches
  • An Update on Section 230
  • Here Come The Regulations
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use