Phishing Scams Capitalize on Irene

Socially Engineered Hurricane Relief Schemes Expected to Peak
Phishing Scams Capitalize on Irene
In the wake of natural disasters such as Hurricane Irene, fraudsters are quick to capitalize on the desperation of the displaced and the sympathies of those who want to help. Most of the schemes rely on phishing scams that feign to be charities set up to aid victims. [See Disaster Averted for Most IT Systems.]

Phishing e-mails, vishing phone calls and smishing texts started showing up last week, as soon as Hurricane Irene hit the Bahamas. Nathan Batts, senior vice president and associate counsel at North Carolina Bankers Association, says socially engineered schemes often use the Federal Emergency Management Agency as a guise.

Those involved with the scam pose as FEMA employees and try to convince consumers to provide personal information, such as Social Security numbers, and financial information, such as bank account details. Many disaster-related attacks are personal and direct, perpetrated through a phone call. But some take traditional routes, such as e-mail, while more are taking emerging routes, like text messages to mobile devices.

"Financial institutions should also monitor their customers' accounts for unusual activity that could be a sign of identity theft or home repair fraud," Batts says. "Institutions may want to consider posting information at their branches with tips on avoiding scams."

Banking institutions also should notify employees about possible scams, so they can educate customers and members, and ensure they don't become prey themselves. Many schemes are likely to exploit the emergence of social networks, such as Facebook, where fraudulent links could appear to come from friends and others an employee or consumer knows and trusts.

"We will probably see donation scams, where people are asked to make donations via the Web or another format," says Chris D'Elia, president of the Vermont Bankers Association. Criminals also may be looking for bank statements or checkbooks left in the debris, so institutions should advise consumers about possible fraudulent activity related to lost articles that contain personal and financial information.

Agencies Offer Warnings, Relief

On Monday, the Federal Bureau of Investigation issued a statement about fraudulent e-mails related to Hurricane Irene, linking to recommendations from the Internet Crime Complaint Center about charitable contribution schemes. Similar schemes surfaced last year, when phishing attacks targeted financial institutions and consumers after the BP oil spill.

The National Credit Union Administration and Federal Deposit Insurance Corp. also have issued advice and precautionary steps for institutions and staff.

Three priorities laid out by the NCUA include ensuring the safety of credit union staff, keeping facilities and operations available to members, and providing material and technical assistance to affected credit unions.

The FDIC's guidance notes that many banks along the East Coast were significantly damaged, and regulatory relief from certain filing and publishing requirements for those institutions is being considered .

About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.