New hacking disaster warning for email users
Republished on January 18 with warnings that this hacking disaster will only get worse.
It shouldn’t be a shock given what we’ve seen before – but it’s likely to happen. A real hacking disaster is heading for Gmail, Apple Mail, Outlook and other email users. But thanks to a new safety report, at least you’ll know what to watch out for. Just make sure you don’t fall victim to this, making it an even worse nightmare situation.
A new report from Veriti has just warned that “as California grapples with devastating wildfires,” with entire communities affected, “those disasters are serving as fertile ground for cybercriminals looking to exploit the chaos and uncertainty.” The teams say they have identified “alarming trends in phishing scams linked to the ongoing disaster, highlighting the need for increased cyber security awareness”.
The threat will come via emails with convincing URLs that you can click to get help, learn more, or even donate. “In just 72 hours,” says Veriti, “it identified multiple newly registered domains associated with the California wildfires.” The URLs are quite clearly aimed at victims of the fires, which is not surprising. By hitting those who need urgent help and support, the campaign will hit its mark.
Some of those domains can be seen here:
- malibu-fire[.]com
- fire relief[.]com
- Restoration of reeds[.]STORE
- fire evacuation service[.]com
- Lacountyfirer building permits[.]com
- Peace is recovery[.]com
- boca-on-fire[.]com
- palisade-fire[.]com
- fire palisade recovery[.]com
The team gave a specific example of “a subdomain that suggests a phishing attempt designed to lure victims under the guise of fire assistance. Such tactics undermine people’s goodwill and willingness to support recovery efforts.”
The California fire phishing lure
While 2025 is predicted to be the year such scams turn more to AI, with more convincing copy and images more likely to successfully trick people, using these simple URLs is definitely outdated. We will no doubt see the same with the impending ban of TikTok, and we will continue to see campaigns geared around global hotspots, mixing charity campaigns with offers of help.
“The California wildfires,” says Veriti, “highlight the dual tragedy of natural disasters and cyber exploitation. As hackers continue to refine their techniques, awareness and vigilance are critical to preventing their attacks. Understanding the methods and tools used by cybercriminals, individuals and organizations can take proactive steps to minimize risks.”
We’ve seen repeated warnings in recent weeks as the holiday season spawned a record number of attacks and scams targeting users on nearly every possible email, messaging and browsing platform they might use. Ultimately, though, successful attacks are all about seduction. And this one has all the right components.
Just don’t click on any email or download and open any attachment. If you want to find or offer help or assistance, use a search engine to find the website for organizations you are familiar with or can find through reliable sources.
There are other scams that use the California wildfires as a lure to watch out for, with the latest GoFundMe scam reported on Saturday. “A Palisades fire victim is warning the public after a scammer stole video of her house burning and used it to scam GoFundMe donors. The victim says her family alerted her that a scammer had used the video of her Ring. Footage shows flames from the Palisades fire destroying her home… The scammer claimed he lost his home to the fires and was apparently using the video of the Ring to scam potential donors. The GoFundMe has since been taken down.”
Rob Bonta – California’s Attorney General – has warned the public to be wary of such tactics. “We have big-hearted people who want to help, who want to donate, who want to support the victims… We also see scammers who are taking advantage of that kindness and that generosity and scamming and deceiving those individuals.”
As a local Consumer Protection official has warned, “when disasters like this happen, fraudsters are on the move. We’ve seen this time and time again—fraudsters creating new ways to reach people during times of crisis.”
Meanwhile, GoFundMe tells its users that “you can support those affected by donating to verified fundraisers on this page. Our Trust and Safety team will continue to update this page with more fundraisers as they are verified, adding “verified fundraisers for people affected by the recent wildfires in Los Angeles County.”
The public has also been warned to be extra vigilant given that scammers can now use AI to make their words and images far more convincing than in the past – these days it’s much harder to tell what’s real from what is not. And the newly secured domains should serve as a warning that there are more to come.
