CISA urges users to remain on alert for malicious cyber activity following natural disasters, such as hurricanes, as attackers target disaster victims and concerned citizens by leveraging social engineering tactics, techniques, and procedures (TTPs).
Social engineering TTPs include phishing, in which threat actors pose as trustworthy persons/organizations—such as disaster-relief charities—to solicit personal information via email or malicious websites. CISA recommends exercising caution in handling emails with disaster-related subject lines, attachments, or hyperlinks. In addition, be wary of social media pleas and texts messages related to severe weather events.
CISA encourages users to review the following resources to avoid falling victim to malicious cyber activity:
- Federal Trade Commission’s Staying Alert to Disaster-related Scams and Before Giving to a Charity,
- Consumer Financial Protection Bureau’s Frauds and scams, and
- CISA’s Using Caution with Email Attachments and Avoiding Social Engineering and Phishing Attacks.