Let’s face it, as human beings we all have to face the wrath of nature at some point in time during our lives. Whether they are massive snow storms and bone chilling cold like we have here in Chicago, or tornadoes out in the Great Plains, or just even the normal thunderstorm that knocks out power for six hours, it’s all there.
But, there is something very unusual that normally most don’t face: Hurricanes. The United States Carolinas has just faced its worst natural disaster since Hurricane Andrew way back in 992. This time it is Hurricane Florence. Just consider some of these alarming stats about Florence:
*It has dumped 18,000,000 gallons of rain in just one week over North Carolina, South Carolina, Virginia, Georgia, Tennessee, Kentucky and Maryland;
*The Carolinas have received more than 45 of inches of rain total;
*There have been 13 hurricane related deaths thus far;
*More than 19,000 people were displaced in shelters in North Carolina, 6,400 people in South Carolina, and 400 people in Virginia;
*Over 3,000,000 homes have lost electric power;
*More than 2,400 airline flights have been cancelled;
*It is anticipated that the economic damages caused by Hurricane Florence would reach almost $60 Billion;
*At its peak, Hurricane Florence was over 280 miles wide.
Yes, these numbers are astounding, especially the total number of people that have been impacted. But, it is also during these times that another disaster looms, this time from the virtual world: The Cyber Attacker. A common theme among these blogs is that the they will strike when we are at our weakest and most vulnerable.
And, as repulsive as it sounds, the Cyber attacker will prey upon the innocent and recovering victims of Hurricane Florence. In fact, even before the Florence hit, Cyber security firms as well as the Federal Government were already sounding off the alarm bells about fraud and malicious intents.
The Multi-State Information Sharing and Analysis Center (also known as the “MS-ISAC”) explicitly said that this weather event will “. . . propel the emergence of new and recycled scams involving financial fraud and malware . . .” (SOURCE: https://www.cyberscoop.com/hurricane-florence-scams-hacking-phishing-ms-isac/).
Just after Hurricane Florence hit, the MS-IAC noticed a large uptick in the registration of the following domains:
In addition, there have been 13 additional domains with the name “Florence” in them that have already been registered, and thus far, there have been a total of 65 suspicious sounding domains that have been registered as of last Wednesday (9/12/2018).
But, in all of this, there is one small bit of solace, for the lack of a better term. During the times of natural disasters such as like this one, the Cyber attacker wants to move quickly in order to strike “when the iron is hot”. Thus, they will not rely upon super sophisticated types of attack vectors such as Ransomware or BEC in order to hone in on their victims.
Rather, they will make use of the tried and true techniques of Phishing, and baiting the victim to a phony website. In this instance, believe it or not, the victim of Hurricane Florence can have the upper hand here. For example, there are plenty of websites out there that will provide examples of the telltale signs of a Phishing based Email. All this take is a simple Google search.
To the victims that have been impacted either directly or indirectly, my best advice to you is, always thoroughly read any Email that you may get with regards to any kind financial matters that deal with Hurricane Florence. Take particular notice of:
*The name of the sender (it will often be a name that just doesn’t sound right);
*All of the content in the E-mail for any typos, misspellings, or grammar flaws;
*More than likely, the suspicious E-mail will also have a link to a phony website. You can confirm this by hovering your mouse pointer over the link. If what appears is different than the link that is embedded in the E-Mail message, then you can be guaranteed that the website is phony;
*DO NOT DOWNLOAD any attachments if you are unfamiliar with the sender of the E-Mail message (even if they sound familiar, always contact that individual to confirm if they have actually sent the message or not);
*Be careful of any text messages that you may receive. Remember, although the Cyber attacker primarily makes use of E-Mail as the main attack vehicle, they have also been known in the recent past to send text messages to send you to a phony website;
*If you ever want to confirm the authenticity of a charity organization check out this link: https://www.charitynavigator.org/;
*Also pay careful attention to any phone calls you may receive. The Cyber attacker of today is also now even resorting to use the old-fashioned techniques of Social Engineering in order to get to your personal information. Remember, a legitimate organization will never ask for your password, Social Security number, or any kind of financial information, unless you divulge them out first;
*Also, be wary of any messages or posts that you receive asking for money for donations on both Facebook and Twitter. The Cyber attacker has been known to use these sites as well for sending out links to phony websites.
Also remember in these instances, pay careful notice of any messages that you may receive from PayPal or the American Red Cross. Cyber attackers have been notorious in the past for using the names of these two entities when launching Phishing based E-Mails. Also, for the people out in the Carolinas, be careful of any phone calls or E-Mail messages that you could potentially receive from the Edison Electric Institute.
If you are hustled in any way to make a bill payment, then be assured that it is a fraudulent call and/or E-Mail. Remember, nobody will be in a rush for you to make a bill payment of any kind, especially after something as disastrous as Hurricane Florence has occurred.
Finally, my thoughts and prayers go out to all of the victims of Hurricane Florence. May your recovery from this disaster be a complete and quick one.