As if the devastating effects of Hurricane Harvey are not bad enough, the United States Computer Emergency Readiness Team (US-CERT) of the Department of Homeland Security is warning of a different threat:  falling victim (or exposing your entire company) to Harvey-related phishing schemes.

Fraudulent emails carrying malware payloads or directing users to phishing or malware-infected websites have been identified and US-CERT is issuing cautions. Emails requesting donations or appearing as “breaking news” alerts often appear during and after major natural disasters.

The warning continues:

US-CERT encourages users and administrators to use caution when encountering these types of email messages and take the following preventative measures to protect themselves from phishing scams and malware campaigns:

• Review the Federal Trade Commission’s information on Wise Giving in the Wake of Hurricane Harvey.

• Do not follow unsolicited web links in email messages.

• Use caution when opening email attachments. Refer to the US-CERT Tip Using Caution with Email Attachments for more information on safely handling email attachments.

• Keep antivirus and other computer software up-to-date.

• Refer to the Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

• Verify the legitimacy of any email solicitation by contacting the organization directly through a trusted contact number. You can find trusted contact information for many charities on the BBB National Charity Report Index.

Make sure to take a minute and remind your network users about this scam so that we don’t create a new set of Harvey-related victims out of those who were just trying to help.