Scammers Hit Florida Hurricane Victims with Fake FEMA Claims, Malware Files

Summary:
In the wake of Hurricane Helene and the impending arrival of Hurricane Milton on October 9th, 2024, Florida faces another threat: a myriad of cyberattacks targeting vulnerable individuals and organizations. Veriti, a cybersecurity research firm based in Israel, identified three key emerging threats exploiting the chaos and urgency surrounding hurricane relief efforts.

FEMA Claim Scamming: According to Veriti, cybercriminals impersonate legitimate FEMA assistance providers to steal personal information and funds. Detailed instructions on how to create fake FEMA claims and siphon off disaster relief funds from victims who truly need them were discovered on a hacker forum called BlackBones. The post claims that, for $125, "brokedegenerate" will reveal his method for filing a fake government assistance claim of $17,500.

The Forum Post: https[:]//blackbones[.]net/threads/florida-fema-assitance.15340/

Phishing Attacks: A surge in phishing domains registered with hurricane-related names has been observed. Recently registered domains like hurricane-helene-relief[.]com and hurricanehelenerelief[.]com potentially aim to trick victims into providing sensitive data like Social Security numbers or other financial information. By using hurricane-related terms and associating themselves with disaster relief, these domains create a sense of urgency, increasing the likelihood that victims fall for the scam. Attackers likely send phishing emails directing recipients to these websites for "relief services" or "grant applications." Once victims enter their information, the attackers can use or sell the data on the cybercriminal marketplace for financial gain.
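For defenders who receive a feed of newly registered domains, the naming pattern described above can be turned into a triage filter. The following is an added example, not code from Veriti or the original article; the keyword lists, function names and the non-page sample domains are assumptions constructed for illustration.

```python
import re

# Assumed watchlists (not from the Veriti report). Matching is by substring,
# so the output is a queue for analyst review, not a verdict.
STORM_TERMS = ("hurricane", "helene", "milton", "fema", "disaster")
LURE_TERMS = ("relief", "aid", "grant", "claim", "assist", "fund", "donat")
OFFICIAL_SUFFIXES = (".gov",)  # FEMA's own sites are served under .gov


def refang(indicator: str) -> str:
    """Turn a defanged indicator (hxxp, [.], [:]) into a bare lowercase hostname."""
    s = indicator.strip().lower()
    s = s.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")
    s = re.sub(r"^h(?:xx|tt)ps?://", "", s)
    return s.split("/")[0].split(":")[0].rstrip(".")


def score_domain(indicator: str) -> dict:
    """Flag hosts that pair a storm term with a relief/money lure term."""
    host = refang(indicator)
    if host.endswith(OFFICIAL_SUFFIXES):
        return {"host": host, "flag": False, "reason": "official suffix"}
    # Drop the TLD, then strip separators so that
    # "hurricane-helene-relief" and "hurricanehelenerelief" compare equal.
    labels = host.rsplit(".", 1)[0]
    squashed = re.sub(r"[^a-z0-9]", "", labels)
    storms = [t for t in STORM_TERMS if t in squashed]
    lures = [t for t in LURE_TERMS if t in squashed]
    flag = bool(storms) and bool(lures)
    reason = f"storm={storms} lure={lures}" if flag else "no storm+lure pair"
    return {"host": host, "flag": flag, "reason": reason}


def triage(feed: list[str]) -> list[dict]:
    """Return only the flagged entries from a newly-registered-domain feed."""
    return [r for r in map(score_domain, feed) if r["flag"]]


if __name__ == "__main__":
    # First two entries are the domains named in the article; the rest are constructed.
    sample_feed = [
        "hurricane-helene-relief[.]com",
        "hurricanehelenerelief[.]com",
        "hxxps://milton-disaster-grants[.]example/apply",
        "weather-hurricane-tracker.example",
        "https://www.fema.gov/assistance",
    ]
    for hit in triage(sample_feed):
        print(hit["host"], "->", hit["reason"])
```

Requiring both a storm term and a lure term keeps plain weather or news domains out of the queue, while the separator stripping catches hyphenated and unhyphenated variants of the same name.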

Malicious Files Disguised as FEMA Documents: Cybercriminals are distributing malware disguised as legitimate FEMA documents. One such example was a file named "fema_grants_manager_user_manual.pdf" that purported to be a FEMA manual related to disaster recovery grants. However, Veriti confirmed this file contained a malicious payload that redirected users to a suspicious URL. While no active infections have been observed yet, this highlights the potential for cybercriminals to use disaster relief programs as a cover for malicious activity.

VirusTotal Link:
https://www.virustotal.com/gui/file/8cb7f72505b54c250067d19d417ec975bba843042ac95c13c40f008c972b067d/details

Security Officer Comments:
The hurricane season presents a prime opportunity for cybercriminals to exploit the heightened emotions and vulnerabilities of those affected. Veriti's findings emphasize the importance of cyber vigilance for organizations doing business in Florida during these times. Individuals and organizations involved in hurricane relief should be extra cautious of unsolicited emails, websites, and attachments, especially those promising immediate aid or financial assistance. Verifying the legitimacy of any communication claiming to be from FEMA or other relief organizations is crucial to avoiding these scams. Furthermore, it's recommended to use strong passwords, enable two-factor authentication, utilize AV software, and keep software applications up to date to minimize the risk of falling victim to these malicious tactics.

Suggested Corrections:
Recommendations from Veriti
  • Verify the legitimacy of relief efforts: If you or your organization are involved in disaster recovery, always verify that any communication related to FEMA or disaster assistance is coming from official sources. Double-check URLs, email addresses, and other indicators before sharing sensitive information.
  • Be cautious of unsolicited emails and attachments: Cybercriminals often use phishing emails to trick victims into downloading malicious attachments or clicking on dangerous links. If you receive an email with an attachment claiming to be from FEMA, verify its authenticity before opening it.
  • Use up-to-date antivirus software: Ensure your security software is updated regularly to detect and block malicious files and phishing attempts. Advanced endpoint detection and response (EDR) solutions can provide an added layer of protection.
  • Educate your team: Make sure that employees and volunteers involved in disaster relief efforts are trained to recognize phishing attempts and other cyber threats. Providing regular cybersecurity awareness training can help reduce the risk of falling victim to these scams.

CISA encourages users to review the following resources to avoid falling victim to malicious cyber activity:

Link(s):
https://hackread.com/scammers-florida-hurricane-victim-fake-fema-malware/

https://veriti.ai/blog/exploiting-hurricane-helene-with-fema-scams-and-phishing-threats/

https://www.cisa.gov/news-events/alerts/2024/10/08/avoid-scams-after-disaster-strikes