How cybercriminals prey on victims of natural disasters

As residents of the Carolinas attempt to stay safe during Hurricane Florence, they may encounter another threat that can add to the misery of natural disaster victims.

Victims, volunteers, and infrastructures may become vulnerable to cybercriminals during disasters. Corporate and business interests also may face greater risk of cyberattacks following a disaster because systems may be compromised and IT personnel who ordinarily would be monitoring cybersecurity threats may be diverted to rebuild IT assets.

“Cybercriminals are known to exploit natural disasters,” Lisa Traina, CPA/CITP, CGMA, president and technology services director of Traina & Associates, a CapinCrouse company, said in an email. “Individuals and organizations can be targeted.”  

Disaster victims, volunteers, and donors are likely to be interacting with unfamiliar people and organizations such as government entities, insurance companies, and not-for-profits, which cybercriminals may attempt to impersonate in “phishing” attacks.

In these attacks, cybercriminals pretend to be reputable and legitimate sources as they contact victims or volunteers through emails, text messages, or phone calls in an effort to acquire personal information such as credit card and Social Security numbers.

Meanwhile, cybercriminals may pose as charities following a natural disaster, pretending to solicit on behalf of victims in order to obtain credit card or bank account information.

“Be cautious and stay vigilant,” Maria Thompson, North Carolina’s chief risk officer, said in a news release. “Let’s ensure one disaster does not lead to another. Phishing threats are real. Cybercriminals will use every tactic in their arsenal to deprive citizens of their information and ultimately their financial assets.”

The North Carolina Department of Information Technology advises individuals to:

For businesses, the U.S. Department of Homeland Security recommends that organizations develop business continuity plans that would address IT procedures during a natural disaster as well as actions to be taken in an IT breach that is not associated with a natural disaster.

But backup plans may put businesses at risk, as Traina said criminals target organizations that are operating in a backup environment following a disaster.

“Many disaster plans involve the use of backup systems,” she said. “These systems can be vulnerable because they may lack the same security protections that exist in a live environment. For example, firewall protection may not mirror the live system and servers and other systems may not be updated with current patches. This opens a number of security holes that are ripe for exploitation.”

Traina said organizations also need to be aware that they will open themselves up to further risk if they temporarily switch off controls to allow for continued operations.

“An example is multi-factor authentication that allows for system access from a set list of IP addresses,” she said. “If people need to work and access systems from evacuation locations, a limited list of the normal IP addresses will prohibit access. To resolve the issue, the IT department may turn off the validation list to keep things running.”

While suspending these controls may help the business keep running, it also provides cybercriminals with an opening they may exploit to cause even more problems.

“Don’t let your guard down, even when the power is down,” Traina said.

Ken Tysiac ( is the JofA’s editorial director.

Research & References of How cybercriminals prey on victims of natural disasters|A&C Accounting And Tax Services

29 thoughts on “How cybercriminals prey on victims of natural disasters”

Leave a Reply