Scammers Already Taking Advantage of Hurricane Harvey, Registering Domains

The physical damage from Tropical Storm Harvey is expected to spread further in the coming week as the storm continues to move along the Gulf Coast. At least 10 people in Texas have been killed in connection with the storm, local officials said, and the continuing rainfall could total as much as 50 inches in some areas by the end of the week. On Monday, a day after Louisiana Gov. John Bel Edwards called on the federal government for assistance, President Donald Trump declared a state of emergency in Louisiana. Texas Gov. Greg Abbott described the storm as “one of the largest disasters America has ever faced,” and FEMA administrator Brock Long said the agency is gearing up for the years-long recovery process that will follow.

Naturally, people want to help the victims with that recovery process, and scammers are already capitalizing on that goodwill to defraud individuals and carry out other malicious activity, several agencies have warned.

The Better Business Bureau said it has already seen sketchy crowdfunding efforts and expects the coming months to see the usual flood of “storm chasers” — ranging from legitimate contractors looking for business to scammers attempting to take advantage of those who’ve already been victimized by the storm. In addition, US-CERT is warning users “to remain vigilant for malicious cyber activity seeking to capitalize on interest in Hurricane Harvey.”

SurfWatch Labs also noted in a recent customer alert that we have observed hundreds of new domains being registered containing “harvey,” many of which will likely be used for scams related to the storm.

[Image: SurfWatch Labs alert on Hurricane Harvey scams.]
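A defender can apply the same kind of keyword watch to a feed of newly registered domains. The Python below is an added example, not SurfWatch Labs' code; the donation-term list, the digit-substitution table, and the sample domains (on the reserved `.example` TLD) are assumptions constructed for illustration.

```python
import unicodedata

EVENT_KEYWORDS = ("harvey",)  # event term from the alert described above
# Assumed list of terms that suggest a donation or aid theme.
DONATION_TERMS = ("relief", "donate", "fund", "aid", "help", "charity")
LEET = str.maketrans("013457", "oieast")  # assumed digit-for-letter swaps


def normalize(domain: str) -> str:
    """Lowercase, decode punycode, strip accents, fold digit swaps and hyphens."""
    domain = domain.strip().lower().rstrip(".")
    try:
        domain = domain.encode("ascii").decode("idna")  # xn-- labels -> Unicode
    except UnicodeError:
        pass  # keep the raw form if it is not valid ASCII/IDNA
    decomposed = unicodedata.normalize("NFKD", domain)
    unaccented = "".join(c for c in decomposed if not unicodedata.combining(c))
    return unaccented.translate(LEET).replace("-", "")


def score(domain: str) -> int:
    """0 = no event keyword; 1 = keyword only; +1 per donation term present."""
    name = normalize(domain)
    if not any(keyword in name for keyword in EVENT_KEYWORDS):
        return 0
    return 1 + sum(term in name for term in DONATION_TERMS)


def triage(feed):
    """Return (score, domain) pairs for keyword matches, highest score first."""
    hits = [(score(d), d) for d in feed]
    return sorted((h for h in hits if h[0] > 0), key=lambda h: (-h[0], h[1]))


# Constructed sample feed, not real registrations.
SAMPLE_FEED = [
    "harvey-relief-fund.example",
    "donate-harv3y-victims.example",
    "hárvey-aid.example".encode("idna").decode("ascii"),  # punycode (xn--) form
    "harveys-bakery.example",      # keyword only: likely a benign name match
    "gulf-coast-weather.example",  # no keyword: ignored
]

if __name__ == "__main__":
    for points, domain in triage(SAMPLE_FEED):
        print(points, domain)
```

A keyword-only hit (score 1) is often an unrelated business or surname, so the score is a way to order analyst review, not a verdict on the domain.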

Scams following national disasters like Harvey have come to be the norm, as malicious actors will attempt to exploit any event or news story that grabs the collective consciousness of a large group of people. For example, researchers recently discovered that the Chinese group APT 17 was leveraging the popularity of Game of Thrones in spear phishing emails designed to infect their targets with malware by teasing potential victims with the headline, “Wanna see the Game of Thrones in advance?”

Similar attack vectors leveraging users’ natural curiosity tend to follow nearly every major news story; however, with natural disasters people are more willing to hand over their payment information and make a donation, so there is more profit — and more incentive — for fraudsters to capitalize on such events. These attack vectors include:

  • email phishing designed to steal personal and financial information;
  • fake websites and crowdfunding pages impersonating legitimate charities;
  • in-person and phone scammers, such as fake contractors or government officials that offer services or aid with no intention of following through;
  • and social media posts designed to entice users to either visit a malicious site, download malware, provide personal information, or perform acts that will earn the fraudster money.

[Image: Fake videos like this one observed by Malwarebytes following the disappearance of a Malaysian Airlines flight are often spread via social media and lead to surveys that harvest personal information or earn affiliate cash for the scammers.]

With the National Weather Service describing Harvey as “unprecedented” and “beyond anything experienced,” it is likely that relief efforts will continue for years into the future. As SurfWatch Labs noted after Hurricane Matthew, those who wish to help or are seeking aid should be cautious about who they provide information to in order to avoid falling victim to these social engineering scams. Some tips include:

  • Never click on links or open attachments unless you know who sent them and what they are. Malicious email attachments and links are among the most common ways for cybercriminals to spread malware and steal information.
  • Never reply to emails, text messages, or pop-ups that ask for personal information.
  • Cybercriminals may use a combination of fraudulent emails and phone numbers to increase their appearance of authority. Always verify that communication is valid by contacting the organization directly before providing any sensitive information.
  • If donating to a charity, make sure it is one you know and trust. The FTC recommends checking out charities via the Better Business Bureau’s (BBB) Wise Giving Alliance, Charity Navigator, Charity Watch, or GuideStar.

Author: Adam Meyer

Adam Meyer has served in leadership positions in the defense, technology, and critical infrastructure sectors for more than 15 years. Prior to joining SurfWatch Labs, Mr. Meyer was the Chief Information Security Officer (CISO) for the Washington Metropolitan Area Transit Authority, one of the largest public transportation systems in the United States. Preceding his role as a CISO, Mr. Meyer served as the Director of Information Assurance and Command IA Program Manager for the Naval Air Warfare Center, Naval Air Systems Command, one of the Navy's premier engineering and acquisition commands.
