Natural disasters often bring out the best in people, with communities and organizations coming together to help those in need. Unfortunately, they also present opportunities for cybercriminals exploiting the chaos for financial gain. With Hurricane Helene and other recent hurricanes affecting Florida, Veriti’s research team has identified several emerging cyber threats targeting vulnerable individuals and organizations. Three key emerging threats: FEMA claim scamming, phishing attacks using hurricane-related domains, and malicious activity disguised as FEMA-related files.
FEMA Claim Scamming
One of the first major threats we observed was FEMA claim scamming, where cybercriminals posed as legitimate FEMA assistance providers to steal personal information and funds. A VIP member on a hackers forum, under the alias “brokedegenerate,” recently posted about a new scam targeting Florida residents affected by the hurricane.
On the forum, the scammer shares tactics for creating fake FEMA assistance claims, with detailed instructions on deceiving victims and siphoning off funds intended for disaster relief. This scam is particularly dangerous, as victims are already vulnerable due to the natural disaster.
Forum post: https://blackbones.net/threads/florida-fema-assitance.15340/
Phishing Campaigns Targeting Hurricane Victims
In addition to FEMA claim scams, we’ve observed a surge in phishing domains registered to exploit the hurricane and relief efforts. These domains are designed to trick individuals into providing personal information, such as Social Security numbers, credit card details, and other sensitive data.
Here are a few newly registered domains our team identified, which could be used for phishing campaigns:
- hurricane-Helene-relief.com
- hurricanehelenerelief.com
By associating hurricane-related terms with disaster relief, these domains aim to create a sense of urgency, making it more likely that victims will fall for the phishing schemes. Attackers will likely send phishing emails directing recipients to these websites, claiming to offer relief services or grant applications. Once victims input their personal details, the attackers can use or sell the data for financial gain.
Malicious Files Disguised as FEMA Documents
Cybercriminals also use malicious files disguised as legitimate FEMA documents to distribute malware. A few days ago, a file named fema_grants_manager_user_manual.pdf was uploaded for virus scanning. Upon inspection, it was found to contain malicious content. Link to VirusTotal here.
The document appears to be a legitimate FEMA manual related to disaster recovery grants, referencing systems like the Grants Portal and Grants Manager, which are used to streamline the grant application process. However, the file includes a malicious payload that redirects users to a suspicious URL: zuwudijalekufas.mofien.co./za
Although we haven’t yet observed active infections from this campaign, the file’s existence highlights the potential for cybercriminals to use disaster relief programs as a cover for malicious activity.
Recommendations to Stay Safe
- Verify the legitimacy of relief efforts: If you or your organization are involved in disaster recovery, always verify that any FEMA or disaster assistance communication comes from official sources. Double-check URLs, email addresses, and other indicators before sharing sensitive information.
- Be cautious of unsolicited emails and attachments: Cybercriminals often use phishing emails to trick victims into downloading malicious attachments or clicking on dangerous links. If you receive an email with an attachment claiming to be from FEMA, verify its authenticity before opening it.
- Use up-to-date antivirus software: Ensure your security software is updated regularly to detect and block malicious files and phishing attempts. Advanced endpoint detection and response (EDR) solutions can provide an added layer of protection.
- Educate your team: Ensure that employees and volunteers involved in disaster relief efforts are trained to recognize phishing attempts and other cyber threats. Regular cybersecurity awareness training can help reduce the risk of falling victim to these scams.
As natural disasters like Hurricane Helene affect communities, it’s critical to remain vigilant about the cyber threats that follow in their wake.
This blog is courtesy of Verti Research. Click here for more information.