The Federal Trade Commission recently issued an alert on disaster email scams that cite the recent earthquakes in Ecuador and Japan. The scam emails that are circulating may contain links or attachments that direct users to phishing or malware-infected websites.
The appearance of disaster email scams after a major natural disaster is unfortunately very common. There is no doubt that the flooding in Texas will prompt more scam activity by hackers.
This most recent scam targeting the earthquakes in Ecuador and Japan should serve as a reminder to all end-users to take precautions when receiving donation requests for any type of emergency relief. Knowing what to look for will go a long way towards avoiding disaster email scams.
How to Avoid Falling Victim to Disaster Email Scams
There are some standard measures you can take to protect yourself from falling victim to any disaster email scams. They are:
Stay alert. Be mindful that hackers and cybercriminals follow the news and will exploit these types of events. You can visit the FTC Alert center and check for any recent scam alerts. You can also sign up for our newsletter to receive alerts such as these on a weekly basis. In some cases, we will issue stand-alone alerts for major threats like the recent ransomware attacks.
Stay in control of where you land on the internet. Don’t follow unsolicited web links or attachments in email messages. If you intend to support a specific organization, browse directly to their website yourself. This will help you avoid clicking through to a webpage with malware or landing on a spoofed site and entering personal information or making a donation that goes into a hacker’s bank account.
Always confirm that the organization you would like to contribute to is legitimate. There are several ways you can verify a non-profit organization’s status. Because non-profits must register as an official 501(c)(3), you can typically do a search through the state Attorney General’s Office to confirm that registration. You can also visit GuideStar or Charity Navigator to access detailed information about charities, including their overall rating, finances (check their 990 information) and official contact information. Another source is the Better Business Bureau, which maintains accredited lists of charities that are known to be seeking support for a specific disaster. You can view the Ecuador Earthquake Relief list on their site currently.
Only give to established charities. Be wary of “pop-up” charities. Establishing a non-profit organization is not an overnight process. If the organization soliciting you for a donation didn’t exist before the disaster, look for another legitimate organization to contribute to.
Do not respond to email requests (or texts) from individual disaster victims seeking financial aid. These requests are almost always scams. If you believe you know someone in the affected area, contact them directly to confirm. You should also avoid links or videos posted to social media that are asking for donations. As with the emails or texts, best practice is to contact the individual directly if you feel someone you know is truly in need.
Beware of heavy-handed requests. If you receive an email that pressures you to donate right now, it is likely a scam. Legitimate non-profit organizations don’t rely on scare tactics. They may certainly indicate that need is very high if the services they provide are critical to a recently affected area (such as the current solicitation on the American Red Cross website, which indicates that support for those affected by the Texas floods is needed), but these disaster email scams take it to a new level. Requests to contribute immediately via wire transfer or overnight delivery are also red flags that the person on the other end is just looking for fast money and that the email is a disaster email scam.
Keep your personal information private. A legitimate non-profit organization will more than likely provide a secure method for making an online contribution, or contributing via PayPal. They will also happily accept a check. What they won’t do is ask for your social security number or your bank account number. Any requests for such information are an immediate red flag of a disaster email scam.
Be aware when donating by text. Text-to-donate options are a popular way to contribute during a disaster and are perfectly acceptable. Using this method, the donation amount will appear on your phone bill and the funds will be directed to the organization. However, if you choose to donate this way, be sure to audit your phone bill for any additional strange charges. As noted above, you should only choose this option after verifying that the organization requesting support is a registered, established non-profit. It’s also best practice not to respond to a text message directly. Instead, this is an option that you should initiate on your own after researching its validity and deciding that you would like to direct a donation to a particular organization.
Always keep your anti-virus and security patches up to date. Regular updates and patch management will help protect you from common viruses and known vulnerabilities in software programs or your operating system. While these measures aren’t foolproof, they will help to protect you from the vast majority of cyberthreats.
End-user education is critical. Knowing is half the battle, so make sure that all end-users in your business are aware of current alerts as well as social engineering tactics and how to avoid them. Stressing the importance of avoiding unsolicited links and attachments can save you from unwanted downtime and lost productivity, sales, or customers.
By following these basic best practices, you can safely continue to support organizations in need and ensure that your contribution actually reaches the non-profit.