US-CERT Warns of Potential Hurricane Harvey Phishing Scams

By Cynthia J. Larose

As if the devastating effects of Hurricane Harvey are not bad enough, the United States Computer Emergency Readiness Team (US-CERT) of the Department of Homeland Security is warning of a different threat:  falling victim (or exposing your entire company) to Harvey-related phishing schemes.

Fraudulent emails carrying malware payloads or directing users to phishing or malware-infected websites have been identified and US-CERT is issuing cautions.  Emails requesting donations or appearing as "breaking news" alerts often appear during and after major natural disasters.

The warning continues:

US-CERT encourages users and administrators to use caution when encountering these types of email messages and take the following preventative measures to protect themselves from phishing scams and malware campaigns:

  • Review the Federal Trade Commission's information on Wise Giving in the Wake of Hurricane Harvey.
  • Do not follow unsolicited web links in email messages.
  • Use caution when opening email attachments. Refer to the US-CERT Tip Using Caution with Email Attachments for more information on safely handling email attachments.
  • Keep antivirus and other computer software up-to-date.
  • Refer to the Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
  • Verify the legitimacy of any email solicitation by contacting the organization directly through a trusted contact number. You can find trusted contact information for many charities on the BBB National Charity Report Index.

Make sure to take a minute and remind your network users about this scam so that we don't create a new set of Harvey-related victims out of those who were just trying to help.

 

Subscribe To Viewpoints

Published

Viewpoint Topics

Professionals

Author

Cynthia J. Larose

Member / Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.