Watch out for digital Hurricane Ida scams: SEC

Hackers and scammers increasingly use headline-grabbing events to steal money from people, particularly from those affected by storms and hurricanes.

The SEC has released a notice warning people to be on the lookout for scams related to Hurricane Ida, which thrashed multiple states last week with torrents of rain and tornados while leaving millions without power

The SEC said people who may be receiving lump-sum payouts from insurance companies due to damage from Hurricane Ida should be wary of investment scams or other online efforts to steal their money. 

"These scams can take many forms, including promoters touting companies purportedly involved in cleanup and repair efforts, trading programs that falsely guarantee high returns, and classic Ponzi schemes where new investors' money is used to pay money promised to earlier investors," the SEC explained. 

"Some scams may be promoted through email and social media posts promising high returns for small, thinly-traded companies that supposedly will reap huge profits from recovery and cleanup efforts." 

AccuWeather CEO Dr. Joel Myers estimated that Hurricane Ida caused nearly $95 billion in total damage and economic loss after dumping inches of rain on Louisiana and then continuing its path of destruction up the East Coast. Millions of people will now need to deal with insurance companies to cover water damage and other issues stemming from the after-effects of the hurricane.

Read this

Video: IT heroes of Hurricane Sandy

ZDNet interviewed a panel of IT heroes who kept their organizations running During Hurricane Sandy with successful disaster recovery plans. Watch the full 40-minute panel discussion as these IT leaders share the lessons they learned.

Read More

The SEC noted that after the devastation caused by Hurricane Katrina in 2005, there were dozens of "false and misleading statements about alleged business opportunities" that they were forced to take action against. 

"Be skeptical if you are approached by somebody touting an investment opportunity. Ask that person whether he or she is licensed and whether the investment they are promoting is registered with the SEC or with a state," the SEC added. 

"Take a close look at your entire financial situation before making any investment decision, especially if you are a recipient of a lump sum payment. Remember, your payment may have to last you and your family for a long time."

The financial watchdog warned of Ponzi schemes and other scams that may be targeted at those receiving payouts from FEMA or insurance companies. 

Cyber Security Cloud released a study last month noting that there was a growing trend of increasing cyberattacks before, during and after any sort of global or regional event.

The study found a massive increase in attacks aimed at Japanese organizations ahead of the Olympics this year and attacks aimed at US organizations ahead of the Super Bowl. 

Cerberus Sentinel vice president Chris Clements echoed the study's findings, telling ZDNet that scammers frequently target newsworthy events to lure victims into taking urgent action, especially when related to financial means.  

"We saw widespread campaigns targeting pandemic stimulus checks, and I expect we will continue to see similar targeted operations both with this instance and with any future events. Individuals and organizations both must stay on guard for any unsolicited inbound communications promising financial windfalls and requiring urgent action," Clements said.  

"Especially important is to identify 'trusted paths' for any legitimate relief funds or investment opportunities and to research their validity properly."

James McQuiggan, the security awareness advocate at KnowBe4, told ZDNet that in stressful times, those affected by floods, hurricanes and fires need help quickly and rely on their emotions without taking the extra time to examine an email to determine its validity. 

"Users want to avoid clicking on links in solicitation-style emails asking people to donate or be leery of requests to download images or video clips of people in troubled times. Cybercriminals will always find emotional lures to exploit users through social engineering," McQuiggan said. 

"People want to recognize and only donate to worthwhile and established organizations that support people in life's unfortunate situations after a hurricane or medical emergency. Additionally, this is critical for users who want to help out those in need and those who require financial assistance."