Hurricane season is here, and with natural disasters come opportunists looking to profit by exploiting the empathy of the general public. Being aware of these scams and having measures in place to protect against them helps prevent you or your employees from becoming victims. This guide covers all you need to know about storm-related scams and the measures you can take to ensure you’re not caught out.
What are storm-related scams?
Storm-related scams are a particular type of social engineering attack that uses a natural disaster caused by a storm, such as a hurricane, to attempt to profit from the aftermath. These imposter scams often have scammers posing as legitimate charities or existing businesses, trying to access money from the public that would otherwise have gone towards disaster recovery for victims and their communities. As emotions surrounding natural disasters run high, it’s the perfect hunting ground for fraudsters looking to gain money and personal information with minimal effort.
Common types of storm-related scams
Not every storm-related scam is the same. As the methods for phishing and scams become more complex, different types of hurricane scams have evolved to target different groups of people. These include:
Insurance scams
Insurance scams affect people who have had property damaged or lost entirely as a result of a hurricane. These scams may involve contractors directly meeting homeowners face-to-face, offering to start repairs with full insurance coverage. This particular scam is also a risk for businesses in hurricane-struck areas, where contractors may call or show up at the door offering to fix the damage. Once the paperwork has been signed, these scammers typically leave and collect insurance payments with no repairs completed.
FEMA scams
The Federal Emergency Management Agency provides valuable services in the clean-up process after a hurricane, helping affected households to gain access to federal aid. Scammers posing as FEMA inspectors may arrive on-site to request social security information or banking details and ask for immediate payment for services. Posing as FEMA is also common in phishing attempts, with scam emails targeting employees in hurricane areas, asking them to provide bank details over email to receive federal aid.
Charity scams
Charity scams are among the most common forms of phishing, with fake charities requesting direct donations to support important causes. Following a natural disaster, charities that have appeared out of nowhere are familiar hiding places for scammers. It’s essential to thoroughly check out the background and history of a charity before donating. If a scammer is posing as an existing well-known charity, carefully scrutinizing emails and contact information is key to avoid getting caught out.
Social scams
Social scams are amongst the most challenging scams to spot for many employees, as these requests for aid seem to come directly from people they know or care for. For example, a sophisticated phishing email may look like it has come from someone else within an organization, requesting donations via a link to help a family member who has lost their house. As these phishing attempts include personal information and specific details, it’s harder to spot what’s real and what isn’t.
How to spot phishing and social engineering attacks
Many phishing scams have tell-tale signs you can look out for to protect you, your employees, and your business. Improving your knowledge of what scams can look like, how they present themselves and key indicators is helpful to both prevent immediate risks and prepare you for more sophisticated scams in the future. Some of the key ways to spot social engineering or phishing attempts include:
Generic greetings and lack of personal information
Spotting general greetings such as ‘Dear Sir/Madam’ is an easy, immediate way to identify less-sophisticated phishing attempts. Emails that are very general, or that are inaccurate to the person – for example, an email from FEMA that starts with ‘Dear Sir’ when you’re a woman – can suggest that you’ve received a general phishing email targeted at thousands of people instead of direct contact related to your financial aid.
Spoofed email addresses and links
Email addresses are a tell-tale sign of a phishing email. For example, if you’ve received an email from a well-known charity at a .com email address instead of a .org one, this could indicate it isn’t legitimate. While links in scam emails can look real, hovering over them will show you the actual link that you’re being sent to. In phishing emails, these links rarely add up and send you to a different website from the one displayed. It’s crucial to check URLs, as a spoofed website can look identical in nearly every way to a legitimate website, making it harder to figure out you’re being scammed.
Poor layout, spelling and grammar
Bad formatting, spelling inconsistency and overly formal language within emails are all strong indicators of phishing. If an email doesn’t look quite right, particularly if it’s supposed to be from a well-known or professional organization, this is a red flag that the person emailing you isn’t who they say they are. Large charities and government organizations also have particular writing styles, making it easy to identify non-legitimate emails if you have existing emails to compare.
Inaccurate or exaggerated information
Many storm scams use false information to gain money or personal information from the public. For example, posts circulating on social media about free housing if you sign up for a certain organization can spark countless scammers attempting to profit from this inaccurate rumor. Ensuring you check whether the information in emails is accurate helps identify what is real. For example, checking disaster declarations on FEMA can provide insight into whether a rumor is real or a lie.
Reporting storm scams
If you’ve received an obvious scam email or have an employee who is the victim of a storm-related scam, ensuring you report it to the right people is essential. Your options for reporting phishing and scam attempts include:
- Contacting the FEMA Disaster Fraud Hotline on 1-866-720-5721 or disaster@leo.gov
- Reporting a scam to the Federal Trade Commission (FTC) at reportfraud.ftc.gov
- Reporting an internet-based scam to the FBI Internet Crime Complaint Center at www.ic3.gov
How to prevent getting caught out
So, how do you prevent getting caught out by increasingly sophisticated scammers? Awareness and proper protection are essential components in preventing anyone in your company from becoming a victim of fraud.
Providing training and information about the current active scams, what they look like, and how to report them is valuable to keep your business safe. Providing employees with information on scams that may affect them directly, such as social or insurance scams, can also help safeguard them against scammers.
Beyond education, protecting your employees’ mailboxes with an email protection solution can be a way to prevent scammers from gaining access in the first place. As security specialists, Ramsey Consulting Services can support you in protecting your company and employees. Get in touch today to find out more.