Phishing scams take advantage of recent tragedies

We’ve been advised by SUNY’s information security team that cybercriminals are leveraging the recent tragedies in New Zealand and Ethiopia as pretexts for email phishing attacks. Unfortunately, hackers will take advantage of any incident like these to steal money and information, and/or plant malware. (Please see our similar advisory from last September regarding phishing attacks based on hurricane relief.) According to the New York State Intelligence Center Cyber Analysis Unit, the scams come in three basic forms:

  • Claims to locate secret information about the incident on the dark web and provides a file attachment that supposedly contains this secret information, but in actuality contains malware.

  • Exploits individuals’ curiosity to view video footage of the incidents by providing a malicious link that installs malware onto the network.

  • Asks for donations through links to bogus charity websites. Recipients of the email believe they are making a donation to the incident victims or their families, when in fact the funds are being stolen along with bank account or credit card numbers.

Below is a screenshot of one such fake email.

What can you do to protect yourself?

  • Be suspicious of conspiracy theorists or charities with which you are not familiar.

  • Don’t assume that your friend who forwarded an email has vetted it carefully.

  • Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site but the URL may use a variation in spelling or a different domain (for example .com vs. .net).

  • Be suspicious of unsolicited phone calls, visits, or email messages.

  • Do not provide personal information or information about your organization.

  • Do not reveal personal or financial information in an email, and do not respond to email solicitations for this information.
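
The URL check from the list above, sketched in Python as an added example (not part of the original advisory): it compares a link's domain with an allowlist and flags a different domain ending or a small spelling variation. The allowlist entry `example.com`, the function names, and the two-label domain rule are assumptions for illustration.

```python
from urllib.parse import urlsplit

# Assumption: an allowlist the reader maintains; example.com is a placeholder.
TRUSTED = {"example.com"}

def registrable(host):
    """Naive registrable domain: the last two labels. Assumption: no
    multi-label endings such as .co.uk (use a Public Suffix List for those)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url, trusted=TRUSTED, max_typos=2):
    """Return 'trusted', a 'lookalike: ...' label, or 'unknown' for a link."""
    host = urlsplit(url).hostname or ""
    domain = registrable(host)
    if domain in trusted:
        return "trusted"
    name, _, ending = domain.rpartition(".")
    for good in trusted:
        good_name, _, good_ending = good.rpartition(".")
        # Same name, different ending (the ".com vs. .net" case).
        if name == good_name and ending != good_ending:
            return "lookalike: different domain ending"
        # Same ending, name off by a character or two.
        if ending == good_ending and 0 < edit_distance(name, good_name) <= max_typos:
            return "lookalike: spelling variation"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links, not taken from real messages.
    for link in ("https://www.example.com/donate", "https://example.net/donate",
                 "http://exarnple.com/video", "https://example.com.donate-now.test/"):
        print(f"{link:40} {classify(link)}")
```

The last sample shows why the check looks at the end of the hostname: a trusted name used as a subdomain of another domain is not treated as trusted.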

About Cybersafe
The Division of Information Technology is dedicated to informing the community of the latest cybersecurity threats. Visit fitnyc.edu/cybersafe and stay tuned for emails from [email protected] for the latest from the Cybersafe campaign at FIT. Be aware—and be cybersafe!