SUMMARY
- Cybercriminals are exploiting the California wildfires to launch phishing campaigns.
- Veriti Research found fake domains like “malibu-firecom” designed to mimic legitimate services.
- These domains aim to steal personal information or install malware under the guise of fire-related assistance.
- Scammers are using fear and urgency to deceive victims into clicking fraudulent links.
- Veriti urges heightened vigilance, though no active email campaigns have been detected yet.
The recent California wildfires have not only devastated communities but have also become a lucrative event for cybercriminals. Exploiting the chaos and uncertainty surrounding the disaster, these malicious actors are employing sophisticated phishing tactics to take advantage of the situation.
Cybersecurity researchers at Veriti have identified numerous newly registered domains closely linked to the fires. These domains, such as “malibu-firecom” and “fire-reliefcom,” mimic legitimate services, luring unsuspecting victims with promises of fire evacuation assistance, recovery permits, and even fire coverage.
“These domains exhibit patterns typical of phishing campaigns. Some aim to mimic official services like fire evacuation assistance, while others target specific localities, such as Malibu and Pacific Palisades. Early indications suggest these sites are being prepared to host fraudulent activities, including phishing attacks, fake donation requests, and malicious downloads,” the Veriti Research team noted in the blog post.
As per their research, these domains are likely being used to host phishing emails and websites designed to steal personal information, such as login credentials and financial details. Hackers leverage social engineering techniques, creating a sense of urgency and fear to manipulate victims into clicking on fraudulent links or downloading malicious software.
For example, a subdomain might offer “fire-related assistance” while secretly attempting to install malware on the victim’s device. This exploitation of disaster-related fears highlights the vulnerability of individuals and organizations during these critical times.
While no email campaigns utilizing these phishing domains have been identified yet, Veriti Research is actively monitoring them for any malicious activity.
The team stresses the need for people to stay alert and informed about these threats. Understanding how cybercriminals operate can help individuals and organizations protect themselves and reduce the chances of becoming victims. Here is the full list of domains Veriti Research identified within 72 hours:
fire-reliefcommalibu-firecom
boca-on-firecom
palisades-firecom
Calfirerestorationstore
palisadesfirecoveragecom
fire-evacuation-servicecom
Pacificpalisadesrecoverycom
Lacountyfirerebuildpermitscom
RELATED TOPICS
- Zika Virus Exploited by Scammers to Spread Malware
- #JeSuisCharlie Being Used by Hackers To Spread Malware
- Viral Facebook Links on Missing Malaysia Jet Are Malicious
- Hackers Sending Fake Ebola Virus reports in emails with Malware
- Online Scam Alert Associated with the Nepal Earthquake Disaster
- Florida Hurricane Victims Hit with Fake FEMA Claims, Malware Files
- Photos of Drowned Syrian Boy Exploited by Spammers on Facebook
- Russian Hackers hacked MH17 Crash investigators in phishing attack