Cyber-criminals may take advantage of the public’s desire for information about Hurricane Irene to push out malicious emails and other cyber-scams, the Department of Homeland Security warned.
Government agencies and private companies should be on the lookout for phishing attacks masquerading as news regarding the storm and other malicious activity, DHS said in an alert issued Aug. 25. Cyber-criminals often use highly publicized events to snare users into falling for their scams, the agency said.
The emails may appear to originate from a reputable source and would likely have subject lines that reference the storm. Network administrators and general Internet users should be aware of these attempts and avoid opening those types of messages, the advisory said. Clicking on the emails could cause keyloggers, remote access tools and other malicious software to be downloaded onto the user’s computer, DHS warned.
“Both government agencies and private organizations could possibly become recipients of malicious activity, most commonly in the form of socially engineered spear-phishing emails,” the alert from the DHS National Cybersecurity and Communications Integration Center said.
Organizations need to be vigilant as recent high-profile attacks against companies, such as RSA Security and Oak Ridge National Laboratory, originated with a phishing email.
Scammers have increasingly taken advantage of natural disasters to push their malicious agenda. Earlier this year, search engine results were poisoned to return malicious links shortly after Japan was hit by an earthquake and in subsequent weeks as the Japanese struggled to contain the Fukushima nuclear plant. Criminals pushed out phishing emails pretending to be from the American Red Cross asking for donations to help earthquake victims. Security vendors warned of similar emails after the earthquake in Haiti.
Criminals are also using black-hat search engine optimization techniques to corrupt search engine results to return malicious sites for certain keywords or distribute malicious posts on social networking sites such as Facebook and Twitter to push out links. When users search on those terms and come across those links, their systems are compromised.
“When a major world event occurs, people feel like there’s an urgent ‘need’ to know what’s going on, a bit of a frenzy,” said Cameron Camp, an ESET researcher. “There’s a scramble to find the most reliable up-to-the-minute information and less attention paid to the normal defenses,” Camp said.
There is also a social element involved, as many of these malicious links also spread on social networking sites, making people think that their “friends” sent the information along, Camp said.
The entire situation is complicated by the fact that federal agencies, disaster-relief organizations and state and local governments are also using email, Facebook and Twitter to warn people about the track of the storm, announce evacuation plans and generally spreading information.
Virginia Governor Bob McDonnell warned the state’s residents to take “seriously the need to prepare for this significant storm and to ready their families, homes and communities for possible evacuation” via Facebook. New Jersey Governor Chris Christie posted on Twitter that he would be holding a news conference on hurricane preparedness. The New York Times has posted a list on Twitter of hurricane-related information and resources such as weather forecasts and evacuation centers.
For up-to-date information, people should go to reputable Websites, such as major news organizations, Camp said. Instead of clicking on a link, they should type the URL directly into the browser address bar and avoid clicking on shortened links, even if the accompanying text claims it’s from a well-known site.
Hurricane Irene moved northwest along the coast of the Carolinas on Friday and is expected to continue hugging the East Coast, hitting New York City and southern New England in the afternoon of Aug. 28.