An earthquake in Nepal. Bombings at the Boston Marathon. A hurricane in the Gulf. Disasters around the globe often trigger an outpouring of sympathy and donations from generous Americans. They also trigger opportunities for some of the worst folks on the planet who hope to capitalize on human curiosity.
Scammers crawl out of the woodwork in droves following major human tragedies. An email lands in your Inbox with a subject line like “Nepal Damages Mount.” Click the link and you’re likely to end up a victim yourself. That link will take you to the promised video, but the site you visit is also looking to serve up some malware and take over your computer.
After the Boston disaster in 2013, Sophos, a UK-based Internet security company, detected a number of malicious emails [1] being sent with subject lines like “2 explosions at Boston Marathon” and “Boston Explosion Caught On Video” [1] shortly after the tragedy. Other anti-virus firms noted that within hours, key words in most spam circling the globe referenced that disaster.
“The sick truth is that malware authors and malicious hackers lose no sleep about exploiting the deaths of innocent people in their attempt to infect computers for the purposes of stealing money, resources and identities,” Sophos warned at the time.
On April 30, 2015, the US government warned of a similar spam tsunami tied to the Nepal earthquakes [2]. These tactics utilize stolen email addresses to blast out messages that appear to come from a legitimate source. Some appear to come from friends or acquaintances but, in truth, those friends probably have a compromised computer. You may not even realize that your email address has been stolen.
Cyber security experts suggest that you never click on links in emails. Navigate to legitimate news outlets on your own instead. If you hover your cursor over the link, you’ll often see the dead giveaway that this is not from the Red Cross or Doctors Without Borders. It’s some weird website created by hackers eager to get their hands in your wallet. So don’t click!
Received a suspicious disaster email? We’d like to hear your story at firstname.lastname@example.org. Who knows? Your tale could help others avoid the pitfalls of our digital world.
1. Sophos’ Naked Security, April 17, 2013: https://nakedsecurity.sophos.com/2013/04/17/malware-boston-marathon-bombing/
2. US-CERT Warning, April 30, 2015: https://www.us-cert.gov/ncas/current-activity/2015/04/30/Nepal-Earthquake-Disaster-Email-Scams