In the wake of Hurricane Harvey, American’s have rushed to issue support for those victimized by the devastating storm. People all over the country are donating to Harvey disaster relief efforts, but law enforcement officials and consumer watchdogs urge caution. When tragedy strikes, criminals invariably prey on people's best intentions.
The Justice Department's National Center for Disaster Fraud (NCDF), which was established to crack down on scams following Hurricane Katrina, released a statement on Wednesday warning of post-Harvey charity fraud. Scammers have been using Hurricane Harvey-themed messages to trick people into opening phishing emails and links on social media sites, which can steal login information, infect machines with malware, or con victims out of money.
"Unfortunately, criminals can exploit disasters, such as Hurricane Harvey, for their own gain by sending fraudulent communications through email or social media and by creating phony websites designed to solicit contributions," the statement said.
"There's a cycle for disaster fraud," explained Walt Green, who ran the NCDF from 2013 to 2017.
Every spring, when the National Weather Service announces potential names for the upcoming hurricane season, scammers race to create deceptive websites and accounts soliciting donations using variations of those storm names.
After Hurricane Katrina struck in 2005, the FBI found more than 4,600 websites advertising relief efforts, most of which were suspected to be fraudulent.
It’s become a common scam, during and after natural disasters, for criminals to set up pretend relief funds and request donations. Fortune has reported several suspicious online profiles and personas that, although their legitimacy couldn't be determined, raised several red flags: a small number of followers, unverified accounts, no apparent links to accredited charities, and no means to track where proceeds go.
The US Computer Emergency Readiness Team (US-CERT), a cybersecurity arm of the U.S. Department of Homeland Security, also reminds consumers that malware purveyors frequently use natural disasters and other breaking news items of broad interest to trick people into clicking on malicious links or opening booby-trapped email attachments.
The NCDF has issued the following tips to ensure your aid dollars go to victims rather than greedy cybercriminals. Before making a donation of any kind, consumers should adhere to certain guidelines, including:
- Do not respond to any unsolicited (spam) incoming e-mails, including clicking links contained within those messages, because they may contain computer viruses.
- Be skeptical of individuals representing themselves as members of charitable organizations or officials asking for donations via email or social networking sites.
- Beware of organizations with copy-cat names similar to but not exactly the same as those of reputable charities.
- Rather than follow a purported link to a website, verify the legitimacy of nonprofit organizations by utilizing various Internet-based resources that may assist in confirming the group’s existence and its nonprofit status.
- Be cautious of emails that claim to show pictures of the disaster areas in attached files because the files may contain viruses. Only open attachments from known senders.
- To ensure contributions are received and used for intended purposes, make contributions directly to known organizations rather than relying on others to make the donation on your behalf.
- Do not be pressured into making contributions; reputable charities do not use such tactics.
- Be aware of whom you are dealing with when providing your personal and financial information. Providing such information may compromise your identity and make you vulnerable to identity theft.
- Avoid cash donations if possible. Pay by credit card or write a check directly to the charity. Do not make checks payable to individuals.
- Legitimate charities do not normally solicit donations via money transfer services. Most legitimate charities’ websites end in .org rather than .com.
If you think you've been targeted by a scammer, report it to the National Center for Disaster Fraud hotline (866-720-5721). You can also alert the FBI's Internet Crime Complaint Center (IC3).
Breadcrumb is a cybersecurity and executive advisory firm. Located in Central California, we partner with organizations throughout the US, protecting their critical assets from cyber breach. Contact us today for a no-obligation consultation.