How to Identify Fraud in the Wake of Natural Disasters
by Caitlin Gruenberg
At this moment hurricane Dorian is pounding the shores of the Outer Banks in North Carolina and just days ago, this storm devastated the Bahamas. As the world sympathizes and mourns for those who lost homes, communities and loved ones, one can’t help but think “what can I do to help?” Unfortunately, these thoughts of compassion are the breeding ground for cyber criminals.
In 2005, the Hurricane Katrina Fraud Taskforce brought charges against 907 individuals who attempted to take advantage of kindness by acting fraudulently in the wake of the storm. “Whenever a natural disaster strikes, there will always be unscrupulous people willing to take advantage of victim assistance and rebuilding efforts,” said Matthew Friedrich, Acting Assistant Attorney General for the Criminal Division and chair of the Task Force.
Unfortunately, since 2005 these incidents have only dramatically increased and the cyber criminals have only become more skillful in their attempts to take advantage of good-natured individuals by pretexting, phishing and creating counterfeit charities.
Here are a few scenarios to look out for:
1. Pretexting
Phone calls asking for donations to aid hurricane victims should be considered malicious. These attempts ask you to pay over the phone and in doing this, copious amounts of personal information and financial information is provided to the cyber criminal. To avoid being social engineered by pretexting, be sure to take down as much information as they are willing to give you (so you can report it) and hang up.
2. Phishing
Cybercriminals also use phishing to trick individuals via email to donate. A popular phishing attempt is an email that looks as though it comes from a legitimate source. This email may ask a consumer to click a link and login with their user credentials. If the link is clicked and credentials are entered, the malicious actor can use the information obtained to actually log in and access their victim’s account. Email or text messages containing certain red flags could alert users to a possible phishing attack:
- Misspellings
- Grammatical errors
- Offering prizes
- Creating a sense of urgency
- Requesting personally information
- Requesting user IDs and passwords
- Threatening with consequences
- Making demands
Also, keep in mind that these emails often look very authentic. To avoid falling for a phishing attempt, do not click links embedded in emails. Instead, it is best practice to exit the potentially malicious email and log into your account on an official website.
3. Counterfeit Charities
Sadly, counterfeit charities are very popular among cyber criminals in the wake of tragedy. Fake charities websites are a prime platform to steal your identity and your money. If you are interested in donating to a charity its best to follow these practices to ensure your donation is going to the right place:
- Approach charity organizations directly
- Check the organization’s name and look them up
- Legitimate charities are registered – check an organization’s credentials
- Never give credit card details or online account details to anyone you don’t know or trust.
- Avoid any organization asking for up-front payment via money order, wire transfer, international funds transfer, pre-loaded card or electronic currency
Report Disaster Fraud
Since the National Center for Disaster Fraud (NCDF) was established in 2005, they have received over 95,000 complaints relating to disaster fraud. If you feel you’ve encountered a malicious actor taking advantage of a disaster, please report the situation to the Disaster Fraud Hotline at 866-720-5721.
CAITLIN GRUENBERG
LEAD PRIVACY ANALYST