The Cybersecurity and Infrastructure Security Agency (CISA), part of the Department of Homeland Security (DHS), has issued a warning to internet users to be aware of possible cybercrime campaigns designed to trick the public into handing over money or personal information, or into downloading malicious files onto their devices, in the wake of the El Paso, Texas, and Dayton, Ohio, mass shootings.
CISA has urged the public to exercise caution when responding to emails related to the shootings, even when these emails appear to have been sent by reputable organisations, such as charities.
It is unclear whether this warning has been issued following the detection of such malicious campaigns. However, CISA has said that scams are “common” following tragic events, as criminals attempt to capitalise on their victims’ heightened emotions.
CISA also says to be wary of similar tactics used on social media, over the phone, on specific websites, and during door-to-door solicitations.
“Cybercriminals might pose as charities, activists, news media, support groups, or some other organisation related to the shootings,” Paul Bischoff, privacy advocate for Comparitech.com, says. “They send messages over email and social media in order to fraudulently solicit donations, trick victims into giving up personal information, or distribute malware.”
It isn’t uncommon for cybercriminals to use social engineering techniques to dupe victims into handing over money. These campaigns are particularly concerning because in many cases it is vulnerable groups, such as the disabled or elderly, who fall victim.
According to digital services company Accenture’s latest The Cost of Cybercrime report, as much as $5.2tn could be at risk from cybercrime over the next five years.
How to avoid falling victim to such scams
“To avoid falling victim to these scams, treat any unsolicited email or message with scepticism,” Bischoff warns.
If you receive a message urging you to click on a link, you should first check that the URL being linked to belongs to the organisation that the email claims to be from. Cybercriminals will often set up websites with domain names that appear similar to those used by legitimate organisations to trick unsuspecting victims.
“In many cases, phishing involves getting the victim to click on a link that leads to a fake website. This website might look identical to a legitimate website, but in fact it is meant to steal passwords, credit card details and other information,” Bischoff explains.
You should also check that the sender is using an email address that belongs to the organisation they claim to be from.
If you’re unsure, do not click the link, do not download any attachments and do not hand over any personal information.
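The two checks described above, comparing both the link destination and the sender's address against the organisation's own domain, can be automated. The sketch below is an added example, not part of the original article; `charity.example` and the other domains are constructed placeholders, and the 0.85 similarity threshold is an assumption.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr
from urllib.parse import urlsplit


def belongs_to(host, org_domain):
    """True only if host is org_domain itself or one of its subdomains."""
    return host == org_domain or host.endswith("." + org_domain)


def classify_host(host, org_domain):
    """Return 'match', 'lookalike' or 'mismatch' for a host name."""
    host, org_domain = host.lower().rstrip("."), org_domain.lower()
    if belongs_to(host, org_domain):
        return "match"
    # Real name embedded in a foreign domain: charity.example.donate.test
    if org_domain in host or org_domain.split(".")[0] in host:
        return "lookalike"
    # A character or two swapped: charlty.example (threshold is an assumption)
    if SequenceMatcher(None, host, org_domain).ratio() >= 0.85:
        return "lookalike"
    return "mismatch"


def check_message(org_domain, from_header, link_urls):
    """Classify the sender's domain and every link host in one message."""
    sender_host = parseaddr(from_header)[1].rpartition("@")[2]
    findings = [("sender", sender_host, classify_host(sender_host, org_domain))]
    for url in link_urls:
        # Judge the link by the host it actually points to, not its text
        host = urlsplit(url).hostname or ""
        findings.append(("link", host, classify_host(host, org_domain)))
    return findings


# Constructed sample message; every domain here is a reserved placeholder.
SAMPLE = check_message(
    "charity.example",
    '"Charity Relief" <donations@charlty.example>',
    [
        "https://donate.charity.example/give",
        "https://charity.example.donate.test/give",
        "https://pay.test/form",
    ],
)

if __name__ == "__main__":
    for kind, host, verdict in SAMPLE:
        print(f"{kind:6} {host:30} {verdict}")
```

Anything other than `match` means the message should be treated as not coming from the organisation it names.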