Hackers' Corner: Phishing in a Hurricane

"Remember: when disaster strikes, the time to prepare has passed."

Cybercriminals love to prey on disaster victims. When a natural disaster hits, the damage isn’t limited to buildings, networks, or equipment—you also need to be on high alert for cyberattacks. Chaos creates the perfect cover for malicious actors to strike, and they know that during moments of crisis, people are more likely to act quickly and ask questions later.

Hurricane Scams Are Nothing New

Scammers have been taking advantage of natural disasters for years—especially after hurricanes, when people are vulnerable and looking for help. In 2005, after Hurricane Katrina, the Department of Justice created the National Center for Disaster Fraud (NCDF) to fight disaster-related scams. In 2007, two brothers were sentenced for running a fake website that claimed to collect donations for the Salvation Army to help Katrina victims. In 2008, experts warned about scam websites popping up after Hurricane Gustav, as scammers rushed to buy storm-related domain names to trick people out of their money. By 2011, the Cybersecurity and Infrastructure Security Agency (CISA) started posting alerts about hurricane scams, starting with a wave of phishing emails that followed Hurricane Irene.

These scams resurface—and more importantly, evolve—every time a disaster strikes. When Hurricane Helene hit the East Coast in September 2024, CISA issued another urgent warning, urging the public to stay alert for phishing emails, malicious links, and fraudulent messages posing as disaster aid. Once again, scammers were quick to exploit fear, confusion, and urgency to trick their victims.

Cybercriminal Tactics: A Closer Look at Hurricane Helene

After Hurricane Helene, several states—including Florida, Georgia, South Carolina, North Carolina, and Tennessee—became prime targets for cybercriminals looking to profit from the chaos. Many of the attackers impersonated the Federal Emergency Management Agency (FEMA) to deceive both people and organizations. What made Helene especially dangerous was the widespread damage that occurred in areas not prepared for a hurricane emergency—and where many residents were unfamiliar with disaster relief processes, making them even more vulnerable to scams.

Phishing Frenzy

Phishing attempts surged. Fraudulent websites mimicking "Hurricane Helene relief" began appearing, often using slightly altered URLs to appear legitimate (e.g., added dashes or misspellings). These sites created a false sense of urgency to lure desperate victims into giving up personal information. Once submitted, that data was either sold or used to commit financial fraud.

Malware Disguised as FEMA Docs

Hackers also distributed malware through fake FEMA documents. Victims would receive official-looking PDFs referencing FEMA’s Grants Manager or Grants Portal systems. Embedded within were malicious links that redirected users to infected websites, compromising their systems. While no widespread attacks were confirmed, researchers at Veriti urged heightened vigilance.

Social Engineering: FEMA Fakes

Scammers didn’t stop at phishing and malware. They took social engineering to the next level by posing as FEMA employees. These imposters submitted fake relief claims and stole both personal data and emergency funds.

Veriti researchers found detailed guides on cybercrime forums like BlackBones, where one user, “Brokendegerate,” posted instructions for creating fake FEMA assistance claims. These scams specifically targeted Florida residents impacted by the hurricane.

Social Engineering: Onsite Impersonation of Government Officials

Scammers often pose as FEMA representatives, insurance adjusters, or other officials, claiming they can speed up your relief or insurance claims in exchange for money or personal information. It’s essential to apply a Zero Trust mindset—always verify the identity of anyone who contacts you before sharing any information or agreeing to anything.

Fake Charities: Taking Advantage of Goodwill

Disasters often bring out the best in people—but also the worst in scammers. Fraudulent charities claiming to help victims of Hurricane Helene and Hurricane Milton emerged quickly. Instead of helping survivors, these fake organizations pocketed donations for personal gain.

Stay Vigilant

Cybercriminals will keep trying to exploit disasters for profit. During these times, it’s important to:

• Check URLs carefully before clicking.

• Avoid opening suspicious attachments.

• Be cautious of unexpected messages or donation requests.

• Verify the legitimacy of anyone or any group offering help.

• Use secure connections like VPNs (e.g., AnyConnect) and avoid public Wi-Fi when accessing sensitive systems or information.

• Beware of deepfake AI, which can create fake images, audio, and videos. Only trust information from official university channels or trusted sources. Confirm any requests for money or help with known contacts.

• Keep antivirus software up to date to catch malware and phishing attempts. Advanced tools like endpoint detection and response (EDR) add extra protection.

• Train your team, including employees and volunteers, to recognize phishing and cyber threats. Regular cybersecurity awareness reduces the risk of scams.

Preparation and awareness are your best defense—even after the storm has passed.