Beware of phishing attempts in guise of disaster aid requests, officials urge

  • Published
  • By Debbie Roulier, DLA Information Operations

As the North and South Carolina coasts recover from damage caused by Hurricane Florence, local and national relief organizations will be soliciting donations from the public for assistance in rebuilding. Unfortunately, with an increase in legitimate solicitations come attempts by nefarious individuals and groups asking for money.

Phishing attempts often increase after a disaster or other catastrophic event, so be on the lookout for such attempts in the wake of Hurricane Florence. Phishing is the No. 1 tactic used by all forms of adversaries, from nation-states to terrorists and criminals, because it is cheap, easy and effective.

Phishing is one of the most common forms of social engineering, where malicious emails or websites are used to trick you into providing personal information. The originating email address or malicious website will look similar to that of a real organization. A reader who responds may think they’re donating to a legitimate website providing aid to hurricane victims, but they may be compromising their personal information or giving their money to terrorists.

Themed phishing campaigns are unfortunately nothing new, and making sure you’re providing your information to a legitimate source is vital to preventing your identity from being stolen.  

“Phishing is the No. 1 threat to the DoD and to DLA,” said Paul Resh, chief of the DLA Computer Emergency Response Team. “By providing our end users with an email 'Spam Alert' button, DLA has enabled our employees and contractors to act as an additional 'attack-warning sensor.’”

He called DLA’s employees and contractors “the first line of defense when it comes to keeping our networks, systems and data safe from our adversaries.”

Before providing money or personal information to an organization, remember the following:

  • Do not provide personal or financial information to anyone without confirming their identity.
  • Check the name of the website before clicking on any links. Many times, an illegitimate web address will look very similar (in fact, almost identical) to the URL of the real website. Write down the web address provided in an email and do a search on that URL before clicking the link.
  • Do not assume websites and associated links in social media posts or your email inbox are accurate and legitimate. Check them before clicking on them.
  • Check out a charity or organization before donating. The Better Business Bureau and Charity Navigator are two of the many excellent sources of information for checking out relief organizations.

There will be a need for relief money for weeks if not months to come. Do your research, ask questions and give with confidence.