The Scam of the Week highlights an attack vector that is almost commonplace these days from a proactive cyber security view: the exploitation of a major disaster to hijack people’s desire to contribute funds, in this case to help with Hurricane Harvey relief efforts.
The RopeMaker exploit highlights an attack against traditional email client use (e.g. Outlook Desktop) that leverages users’ mistaken belief that a received email is immutable (‘permanently fixed’).
Read the message below from Stu Sjouwerman, Founder and CEO of KnowBe4, a security awareness blog.
Scammers are now using the Hurricane Harvey disaster to trick people into clicking on links, on Facebook, Twitter and phishing emails trying to solicit charitable giving for the flood victims.
Here are some examples:
- Facebook pages dedicated to victim relief contain links to scam websites.
- Tweets are going out with links to charitable websites soliciting donations, but in reality include links to scam sites or links that lead to a malware infection.
- Phishing emails dropping in a user’s inbox asking for donations to #HurricaneHarvey Relief Fund.
Previous disasters have been exploited like this, and the bad guys are going at it again with all guns blazing. Be wary of anything online covering the Hurricane Harvey disaster in the following weeks.
I suggest you send employees, friends and family an email about this Scam of the Week, you’re welcome to copy/paste/edit:
“Heads-up! Bad guys are exploiting the Hurricane Harvey disaster. There are fake Facebook pages, tweets are going out with fake charity websites, and phishing emails are sent out asking for donations to #HurricaneHarvey Relief Funds that they keep for themselves. Don’t fall for any scams. If you want to make a donation, go to the website of the charity of your choice and make a donation. Type the address in your browser or use a bookmark. Do not click on any links in emails or text you might get. Whatever you see in the coming weeks about Hurricane Harvey disaster relief… THINK BEFORE YOU CLICK.”
- The RopeMaker Exploit Can CHANGE an Already Delivered Email
- Here Is a Cool and Useful INFOGRAPHIC About Social Engineering