Skip to main content

US-CERT Warns of Potential Hurricane Harvey Phishing Scams

As if the devastating effects of Hurricane Harvey are not bad enough, the United States Computer Emergency Readiness Team (US-CERT) of the Department of Homeland Security is warning of a different threat:  falling victim (or exposing your entire company) to Harvey-related phishing schemes.

Fraudulent emails carrying malware payloads or directing users to phishing or malware-infected websites have been identified and US-CERT is issuing cautions.  Emails requesting donations or appearing as "breaking news" alerts often appear during and after major natural disasters.

The warning continues:

US-CERT encourages users and administrators to use caution when encountering these types of email messages and take the following preventative measures to protect themselves from phishing scams and malware campaigns:

  • Review the Federal Trade Commission's information on Wise Giving in the Wake of Hurricane Harvey.
  • Do not follow unsolicited web links in email messages.
  • Use caution when opening email attachments. Refer to the US-CERT Tip Using Caution with Email Attachments for more information on safely handling email attachments.
  • Keep antivirus and other computer software up-to-date.
  • Refer to the Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
  • Verify the legitimacy of any email solicitation by contacting the organization directly through a trusted contact number. You can find trusted contact information for many charities on the BBB National Charity Report Index.

Make sure to take a minute and remind your network users about this scam so that we don't create a new set of Harvey-related victims out of those who were just trying to help.

 

Subscribe To Viewpoints

Author

Cynthia J. Larose

Member / Co-Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.