Where there’s a crisis, there are crooks. In the wake of Hurricane Harvey, fraudsters are trying to rip cash from unsuspecting victims using phishing emails, and opportunists have created a slew of dodgy domains, too.
The tricks, as ever, rely more on human desires to help rather than any sort of technical mastery on the criminals’ behalf. Regardless, the scams come as a reminder that, as ever, hackers often use current events as a way to get closer to their targets.
“Help people affected by Hurricane Harvey, donate now and God bless you,” one scam email reads. Stephen Burke, founder of security firm CyberRiskAware, shared this and another Harvey-related email with The Daily Beast.
The email appears to come from the Red Cross, but Burke said scammers had forged the sender’s address.
“On behalf of America red cross Baytown we solicit for donation of any kind and amount of the affected people of Houston, Texas, kindly contact our location agent for your donation,” the email, which includes several grammatical mistakes, continues. The message’s signature includes another address from a free email service, but this one is likely controlled by the fraudster.
The author of a second apparent scam email poses as a victim of Hurricane Harvey.
“I’m so much in need of your urgent assistant [sic] personally,” the email reads. The author doesn’t provide a bank account or other details straight away, but seemingly tries to start a dialogue before moving forward.
It’s not just crooks masquerading as charities or victims. Groups or individuals have registered loads of domains mentioning or related to Hurricane Harvey. Some appear to be for law practices or other businesses that may be hoping to offer services later on, such as hurricaneharveytriallawyer.com, hurricane-harvey-lawyer.com, or harveylawsuit.com.
Many of the recently registered domains don’t appear to have any actual websites behind them just yet, but some are active. Harveyflooded.com, for example, redirects to an apparent insurance-claim firm at the time of writing. (The Daily Beast didn’t immediately see evidence of similar domains for the now-approaching Hurricane Irma).
Back when Hurricane Harvey first stirred at the end of August, local media warned of a message social-media users were circulating that provided a fake number for the National Guard.
“The National Guard is being deployed to our Texas area. If you find yourself in a state of emergency. Call 1-800-527-3907. Please copy, paste or share!!!!!!!!!” the message read. That phone number, however, belongs to Foremost Insurance Group. The company’s official Twitter account also tweeted the number during Hurricane Sandy and Isaac.
A spokesperson for Foremost told The Daily Beast, “We are aware that a social-media post was created that attempted to provide contact information to the Texas National Guard. Regrettably, this post incorrectly provided the phone number to one of our claim contact centers rather than the phone number of the Texas National Guard.”
“We have been unable to locate the origin of the original post and have no information that the author of the post was in any way associated with our company,” they added.
Of course, Hurricane Harvey is not the first time those looking to make some cash online have jumped on to a major news event. Fraudsters created fake Facebook profiles for child victims of the Malaysia Airlines Flight 17 plane crash in Ukraine. And posing as charities is an established tactic. In 2007, the Federal Trade Commission warned military families about phishing emails claiming to come from, again, the Red Cross. The emails claimed a family member had been hurt while on duty, and were designed to solicit personal information.
At least in this case, the Hurricane Harvey emails were not even close to sophisticated.
“Your reply will be appreciated,” one of the scam emails reads.