US-CERT has issued a warning about a spate of Hurricane Matthew phishing scams, as cybercriminals attempt to defraud users and infect computers by taking advantage of interest in the hurricane. Following any natural disaster or major news event, scammers launch new campaigns to obtain sensitive information that can be used for identity theft and fraud. Cybercriminals also seize the opportunity to spread malware and ransomware. This natural disaster is no different.
Hurricane Matthew phishing scams are conducted to obtain sensitive information, such as bank account information and credit card numbers, which can be used to commit fraud. Users should also be careful about divulging any sensitive information online or via email that could be used by identity thieves.
Hurricane Matthew phishing scams can be conducted via malicious websites or spam email. Users may be sent links to fake charitable organizations where they can make donations to help victims of the hurricane. Links are also being sent which direct the user to malicious sites containing malware. Visiting these sites can result in malware or ransomware being downloaded onto computers.
US-CERT has warned users to exercise extreme caution, especially with emails containing Hurricane Matthew in the subject line. Hyperlinks in such emails should not be clicked and attachments should not be opened.
To reduce the risk from malicious websites, all software should be kept up to date and any available patches should be applied. Antivirus software should also be updated.
If an email is received from a charitable organization requesting a donation, it is essential that users verify the legitimacy of the email and the company. US-CERT recommends checking the organization against the BBB National Charity Report Index and using a trusted contact number, not any contact details supplied in the email.
Administrators should warn employees about Hurricane Matthew phishing scams and the increased risk of social engineering attacks. Steps should also be taken to protect against malware campaigns and phishing scams and keep networks secure.