In times of crisis, cybercriminals prey
At this moment wildfires continue to be active on much of the West Coast and around the Rogue Valley. As the community sympathizes and mourns for those who lost homes, communities and loved ones, one can’t help but think “What can I do to help?” Unfortunately, this compassion is a magnet for cybercriminals, who have become more skillful in their attempts to take advantage of goodnatured people by pretexting, phishing and creating counterfeit charities.
Here are a few scenarios to look out for:
Phone calls or text messages asking for donations and relief should be considered malicious. These ask you to pay over the phone while gathering copious amounts of personal and financial information. To protect yourself, take down as much information as the scammer is willing to give you so you can report it to the local police. Then hang up. A text message will ask you to take additional actions, such as going to a location or validating a phone number. Do not respond to text messages and delete them from your phone.
Cybercriminals also use phishing to trick individuals via email to donate. A popular phishing attempt is an email that looks as though it comes from a legitimate source. This email may ask you to click a link and login with your user credentials. The malicious actor then can use this information to access your account. Email or text messages containing certain red flags could alert users to a possible phishing attack:
- Grammatical errors
- Prize offers
- A sense of urgency
- Request for personal information
- Request for user IDs and passwords
- Threats of consequences
- Making demands
Keep in mind that these emails often look very authentic. To avoid falling for a phishing attempt, do not click links embedded in emails. Instead, it is best practice to exit the potentially malicious email and log into your account on an official website. Asante’s Information Security team is available to help you identify if an email is authentic or a threat. You can use the “Report Phish” button in Outlook or forward the email to sp**@as****.org and a member of the Information Security team will respond.
Sadly, counterfeit charities are very popular among cybercriminals in the wake of tragedy. Fake charity websites are a prime platform to steal your identity and your money. If you are interested in donating to a charity, it’s best to follow these practices to ensure your donation is going to the right place:
- Approach charitable organizations directly.
- Check the organization’s name and look it up.
- Legitimate charities are registered so check an organization’s credentials.
- Never give credit card details or online account details to anyone you don’t know or trust.
- Avoid any organization asking for up-front payment via money order, wire transfer, international funds transfer, preloaded card or electronic currency.
More information on approved charities and donations can be validated by emailing do*******@as****.org.
Finally, avoid putting personal information on social media or public forums that could inadvertently make you a target to a cybercriminal. This includes your phone number, mailing address and other personal information.
If you need answers for a personal work matter, please contact the author or department directly instead of leaving a comment.