NCCIC & MS-ISAC: Beware Florence Phishing Scams

Hurricane Florence

Natural disasters can often bring out true triumphs of the human spirit, and truly commendable displays of resilience and compassion. In times of crisis, good Samaritans often appear in droves, eager to lend a helping hand. And generous donors open their checkbooks to help those who are hurting.

At the same time, cybercriminals and fraudsters are eager to exploit this goodwill for their own financial gain.

The Department of Homeland Security’s National Cybersecurity & Communications Integration Center (NCCIC) is warning users “to remain vigilant for malicious cyber activity seeking to exploit interest in Hurricane Florence.”

In an alert distributed Sept. 14 through the United States Computer Emergency Readiness Team (US-CERT), NCCIC is instructing users to pay extra attention to any email “with a subject line, attachments, or hyperlinks related to the hurricane, even if it appears to originate from a trusted source.”

Phishing and social engineering scams seek to prey on users’ proclivities, and their generosity is no exception. “Fraudulent emails commonly appear after major natural disasters and often contain links or attachments that direct users to malicious websites,” the alert states.

The post provides access to several US-CERT resources that offer guidance on spotting fraudulent email attachments, and avoiding social engineering and phishing attacks of all types. The post also includes Federal Trade Commission articles on providing hurricane help and avoiding charity scams, and a link to the Better Business Bureau’s National Charity Report Index.

Alongside these recommendations, the Multi-State Information Sharing & Analysis Center (MS-ISAC) released a cyber intel advisory on Sept. 14, which notes an uptick in internet activity related to Florence.

“From September 6-11, 2018, the MS-ISAC observed an increase in registered domains likely related to Hurricane Florence,” the advisory states. “The most recently registered domains include the words, ‘claims,’ ‘compensation,’ ‘lawyers,’ ‘relief,’ and ‘funds,’ which could indicate the domains use in possible scams or other malicious activity.”

MS-ISAC–which convenes cyber authorities from all 50 states to coordinate efforts aimed at promoting better cybersecurity posture across state, local, tribal, and territorial governments–said it “previously observed similar scams and malware dissemination campaigns in response to high profile events including the Boston Marathon bombing, Hurricane Harvey, and the Tennessee wildfires.”

“It is likely that these domain registrations will continue, especially after Hurricane Florence makes landfall,” MS-ISAC said.

The advisory offers a number of recommendations for both individual users and technical administrators, highlighting a need to “implement filters on emails, block suspicious IP addresses and domains at your firewall and on your webserver proxy, and flag emails from external sources with a warning banner.”

Well aware that criminals tend to exploit multiple attack vectors, NCCIC is telling users to be wary in both the digital and physical realm. It’s instructing them to “be wary of fraudulent social media pleas, calls, texts, donation websites, and door-to-door solicitations relating to the hurricane.”

Recent