Phishing Scams Capitalize on IreneSocially Engineered Hurricane Relief Schemes Expected to Peak
Phishing e-mails, vishing phone calls and smishing texts started showing up last week, as soon as Hurricane Irene hit the Bahamas. Nathan Batts, senior vice president and associate counsel at North Carolina Bankers Association, says socially engineered schemes often use the Federal Emergency Management Agency as a guise.
Those involved with the scam pose as FEMA employees and try to convince consumers to provide personal information, such as Social Security numbers, and financial information, such as bank account details. Many disaster-related attacks are personal and direct, perpetrated through a phone call. But some take traditional routes, such as e-mail, while more are taking emerging routes, like text messages to mobile devices.
"Financial institutions should also monitor their customers' accounts for unusual activity that could be a sign of identity theft or home repair fraud," Batts says. "Institutions may want to consider posting information at their branches with tips on avoiding scams."
Banking institutions also should notify employees about possible scams, so they can educate customers and members, and ensure they don't become prey themselves. Many schemes are likely to exploit the emergence of social networks, such as Facebook, where fraudulent links could appear to come from friends and others an employee or consumer knows and trusts.
"We will probably see donation scams, where people are asked to make donations via the Web or another format," says Chris D'Elia, president of the Vermont Bankers Association. Criminals also may be looking for bank statements or checkbooks left in the debris, so institutions should advise consumers about possible fraudulent activity related to lost articles that contain personal and financial information.
Agencies Offer Warnings, ReliefOn Monday, the Federal Bureau of Investigation issued a statement about fraudulent e-mails related to Hurricane Irene, linking to recommendations from the Internet Crime Complaint Center about charitable contribution schemes. Similar schemes surfaced last year, when phishing attacks targeted financial institutions and consumers after the BP oil spill.
The National Credit Union Administration and Federal Deposit Insurance Corp. also have issued advice and precautionary steps for institutions and staff.
Three priorities laid out by the NCUA include ensuring the safety of credit union staff, keeping facilities and operations available to members, and providing material and technical assistance to affected credit unions.
The FDIC's guidance notes that many banks along the East Coast were significantly damaged, and regulatory relief from certain filing and publishing requirements for those institutions is being considered .