As if the devastating effects of Hurricane Harvey are not bad enough, the United States Computer Emergency Readiness Team (US-CERT) of the Department of Homeland Security is warning of a different threat: falling victim (or exposing your entire company) to Harvey-related phishing schemes.
Fraudulent emails carrying malware payloads or directing users to phishing or malware-infected websites have been identified and US-CERT is issuing cautions. Emails requesting donations or appearing as “breaking news” alerts often appear during and after major natural disasters.
The warning continues:
US-CERT encourages users and administrators to use caution when encountering these types of email messages and take the following preventative measures to protect themselves from phishing scams and malware campaigns:
- Review the Federal Trade Commission’s information on Wise Giving in the Wake of Hurricane Harvey.
- Do not follow unsolicited web links in email messages.
- Use caution when opening email attachments. Refer to the US-CERT Tip Using Caution with Email Attachments for more information on safely handling email attachments.
- Keep antivirus and other computer software up-to-date.
- Refer to the Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
- Verify the legitimacy of any email solicitation by contacting the organization directly through a trusted contact number. You can find trusted contact information for many charities on the BBB National Charity Report Index.
Make sure to take a minute and remind your network users about this scam so that we don’t create a new set of Harvey-related victims out of those who were just trying to help.