In recent years, US-CERT has received reports of an increased number of phishing sites set up in the wake of tragedies and natural disasters. US-CERT reminds users to remain cautious when receiving unsolicited email that could be a potential phishing attempt.
Phishing emails may appear as requests for donations from a charitable organization asking the users to click on a link that will then take them to a fraudulent web site that appears to be a legitimate charity. The users are then asked to provide personal information that can further expose them to future compromises.
Users are encouraged to take the following measures to protect themselves from this type of phishing attack:
- Do not follow unsolicited web links received in email messages.
- Contact your financial institution immediately if you believe your account and/or financial information has been compromised.
- Verify the legitimacy of the email by contacting the company directly through a trusted contact number.
- Visit the Anti-Phishing Working Group for more information on known phishing attacks.
For additional information regarding phishing, US-CERT recommends reading the following documents:
- Technical Trends in Phishing Attacks
- Recognizing and Avoiding Email Scams
- Avoiding Social Engineering and Phishing Attacks