Watch out for Hurricane Harvey phishing scams

Cybercriminals are taking advantage of the storm, which has devastated Southeast Texas.

Alfred Ng Senior Reporter / CNET News
Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.
Alfred Ng
2 min read
Texas Army National Guard members help families who were flooded out of their homes.

Texas Army National Guard members help families who were flooded out of their homes.

Erich Schlegel/Getty Images

Hurricane Harvey's destruction has attracted online scammers looking to prey on people who want to make kindhearted donations.

The United States Computer Emergency Readiness Team issued a warning Monday that thieves are taking advantage of the disaster by using email and social networks to send out bogus links that promise to let you help victims.

Instead, the links lead to phony websites where cybercriminals try to steal your credit card and personal info. Other cyberthieves have been setting up fake charities where the organizers end up pocketing all the money.

Hurricane Harvey hit Houston, Texas, with one of the largest downpours in US history, starting as a Category 4 hurricane over the weekend. Thousands of people abandoned their homes as floodwaters rushed over single-story houses and rain continued to slam down on the city. At least three people have died from the powerful storm, and the city continues to brace itself against the disaster.  

There have been several legitimate fundraisers online, such as the Hurricane Harvey Relief Fund, which is accepting donations through the Greater Houston Community Foundation. But several phishing emails have also gone out, asking for donations to this fund but directing people into a trap, said Dan Lohrmann, head of computer security company Security Mentor.

Social networks have been hit too. Facebook pledged to match every donation up to $1 million for a Hurricane Harvey recovery fund. However, there have been scam charity pages set up on the network that claim to be tied to the real effort but instead send people to counterfeit websites. Lohrmann also found bots on Twitter that have been posting donation links that lead to malicious software or to spam messages.

Phishing schemes like this pop up every time there's a disaster. In 2016, the Federal Trade Commission issued a warning against charity scams after earthquakes in Ecuador and Japan.

US-CERT recommends that people be wary of links on social media and in emails, and that they verify all organizations before donating.

The FTC recommends that people donate to charities they know and trust, and check with third parties like Charity Navigator or GuideStar to verify that they're legitimate. You can also verify charities by checking to see if they're registered in your state through the National Association of State Charity Officials.

"It's heartbreaking to see people lose their lives, homes and businesses to the ongoing flooding in Texas. But it's despicable when scammers exploit such tragedies to appeal to your sense of generosity," Collen Tressler, an FTC consumer education specialist, said in a blog post