Hurricane Helene Prompts CISA Fraud Warning

Beware that friendly text from the IT department giving you an “update” about restoring your broadband connectivity. Hurricane Helene is whirling its way toward the Florida coast, with the US National Hurricane Center warning those in the path of the storm to prepare for a Category 3 landing on the night of Sept. 26, followed by a life-threatening 20-foot storm surge.

Unfortunately, cybercriminals are likely planning a storm of their own, in the form of fraud and phishing efforts tied to interest and anxiety related to Helene.

A charity appeal for donations is a common gambit that cyber scammers perpetrate after a natural disaster, along with notices that purport to come from energy or phone providers about outages, and even unsolicited offers of help from “contractors” who can remove fallen trees or outfit your office with a generator — as long as you pay upfront.

There are many, many variations on the theme, including business email compromise (BEC)-enabled attacks that use a legitimate organization’s email to hide nefarious purposes.

Being suspicious is the top defense here. As the US Cybersecurity and Infrastructure Security Agency (CISA) warned on Sept. 26, individual citizens and corporate users alike should remain vigilant when “handling emails with hurricane-related subject lines, attachments, or hyperlinks. In addition, be wary of social media pleas, texts, or door-to-door solicitations relating to severe weather events.”