Phishing During Disasters and How to Deal with It


What is Phishing?

Phishing is a scam that uses social engineering techniques to trick individuals into revealing their (sensitive) personal information, such as passwords, credit card numbers, or social security numbers, through fake emails, phone calls, or websites. The goal of a phishing attack is to steal sensitive information or money from the victim. This type of fraud has become increasingly sophisticated over the years and can result in significant financial losses for individuals and organisations.


Phishing During Natural Disasters

Phishing attacks are typically carried out via email but can also occur through phone calls, text messages, or instant messaging. According to a study, 96% of phishing attacks are delivered via email[1]. However, unlike the general tendency, phishing attempts during natural disasters are predominantly made through social media and text messages. In these cases, the attacker may impersonate a trusted entity, such as a government agency, a bank, or a non-profit organisation, and then ask the victim to distribute the message further and make a monetary donation. For example, a victim may come across a post with an urgent request for help in their social media feed or receive a (forwarded) direct message from someone they know. In some cases, attackers go one step further and create a fake website that resembles the real one to appear more convincing.


Who Suffers the Most from Phishing?

The short answer is everyone except attackers, as it diverts the valuable resources donated to a cause to the wallets of fraudsters.

Due to the nature of these unfortunate incidents, attackers' messages tend to include the following elements:

  • The dramatisation of the fake story they use
  • Emphasising the urgency for action
  • Logos or text copied from respected organisations
  • No direct link to the mentioned organisations' websites, which prevents quick checks


How to Identify Phishing

There are several signs that an email or website may be part of a phishing scam:

  1. Suspicious sender address: The sender address of a phishing message may appear to be from a legitimate source, but a closer examination may reveal that it is slightly different or not from the expected source.
  2. Urgency: Phishing messages often contain a sense of urgency, such as a claim that people will be harmed unless the recipient takes immediate action.
  3. Not able to confirm the source: As the messages rely on fake or manipulated news, it is not possible to cross-check the provided information against a reputable source.
  4. Conflicting account names: Generally, attackers claim that all donations will be used for people who are in need. However, there is either an intermediary (e.g., an unknown person who claims to be responsible for the initial collection of funds) or the name on the bank account is not the same as that of the alleged, reputable organisation. The identity of these people is generally not clear, and there is no transparency in the use of funds.
  5. Unsecured website: If you are asked to enter personal information on a website, make sure that the website is secure by checking for a padlock icon in the address bar and that the website address begins with "https". The padlock only shows that the connection is encrypted, and a fake website can have one too, so also confirm that the address belongs to the real organisation.
  6. Typos or grammatical errors: Phishing messages may contain typos or grammatical errors, indicating that a legitimate source did not send them.


Individuals can take specific actions proactively to mitigate the risk of phishing attacks. Good practices include:

  • Cross-checking the claims with the official websites of reputable organisations
  • Asking the person who sent you the message whether they know the original sender in person or are directly involved in the charity efforts
  • Do not redistribute a message unless you confirm the validity of the message. Otherwise, you end up directly helping attackers and causing unwanted harm to people who donate and those in need. Please note that this is the best way to hinder attackers. Without their messages being distributed, they cannot deceive anyone.
  • It is always better to share the link of the source of information (or entity). This practice enables people to cross-check the information you provide quickly. Also, new information can become available frequently during crises, so it is better to provide a dynamic information source.


Here are the main organisations working on helping people who are affected by the recent earthquake in Turkiye:


Government Agencies

  • https://www.afad.gov.tr/ is the official website of Turkiye's Disaster and Emergency Management Authority
      ◦ https://www.afad.gov.tr/depremkampanyasi2 is the link for official donation accounts
  • https://www.kizilay.org.tr/ is the official website of the Turkish Red Cross


Non-profits and NGOs

  • https://www.akut.org.tr/ is a widely respected Search & Rescue Association operating in Turkiye
  • https://ahbap.org/ is a non-profit organisation matching people in need with donors
  • https://teyit.org/ is a non-profit fact-checking website


If you encounter a phishing attack, you can notify the National Cyber Incident Response Center (https://www.usom.gov.tr/ihbar) or check whether a suspected source is already listed on their malicious links page (https://www.usom.gov.tr/adres).
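
One way to automate the cross-check described above, as an added example that is not part of the original article: a Python function that compares a link's real hostname with the official domains listed here and flags hostnames that imitate them. The function names, the one-character edit-distance threshold and the `.example` sample links are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Official domains, taken from the organisations listed in this article.
OFFICIAL = ("afad.gov.tr", "kizilay.org.tr", "akut.org.tr", "ahbap.org",
            "teyit.org", "usom.gov.tr")
NAMES = [d.split(".")[0] for d in OFFICIAL]  # "afad", "kizilay", ...

def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programme)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url):
    """Return (verdict, reason); verdict is 'official', 'suspicious' or 'unverified'."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
        host = host.encode("idna").decode("ascii")  # non-ASCII labels become xn--...
    except (ValueError, UnicodeError):
        return "suspicious", "malformed link"
    if not host:
        return "unverified", "no hostname found"
    if parts.username is not None:
        return "suspicious", "text before '@' is not the host; real host is " + host
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        if parts.scheme != "https":
            return "suspicious", "official domain but not an https link"
        return "official", host
    if "xn--" in host:
        return "suspicious", "internationalised hostname; no listed domain uses one"
    for token in re.split(r"[.-]", host):
        for name in NAMES:
            # Assumption: a token at most one edit away from a name is an imitation.
            if edit_distance(token, name) <= 1:
                return "suspicious", f"'{token}' imitates '{name}' outside its domain"
    return "unverified", "not a listed domain; confirm via an official website"

if __name__ == "__main__":
    # Constructed sample links (the .example hosts are made up for this demo).
    for link in ("https://www.afad.gov.tr/depremkampanyasi2",
                 "https://afad.gov.tr.bagis.example/", "https://kizi1ay-yardim.example/"):
        print(link, "->", check_link(link))
```

An "unverified" verdict does not mean the link is safe; it only means the link still has to be confirmed through one of the official websites.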


PS: If you think a revision needs to be made within the current text, please feel free to send me a message.


Here is the link to the Turkish version of the same article.

[1] https://www.verizon.com/business/en-gb/resources/reports/dbir/


