This content is viewable by Everyone

Feb 2023: Phishing Attacks Use Earthquake-Themed Lures

Threat Alert: What to Watch For

  • Cybercriminals have launched multiple phishing attacks attempting to take advantage of the humanitarian crisis in Turkey and Syria following the earthquake. These attacks are intended to steal recipient’s funds or to lead to the installation of malicious software (malware). 
  • As multiple attacks are exploiting this crisis, lures will appear different. Some lures are designed to look as if they are coming from impacted victims of the earthquake, while others impersonate government organizations. 
  • In all cases, watch for telltale signs of phishing attacks, including mismatches between an email’s sending address and the alleged sender, numerous and blatant typos, strong appeals to emotion, or language warning of imminent donation deadlines or impending earthquakes in your area. 
  • Be suspicious of any emails asking for donations in cryptocurrency.

Key Action: Report Suspicious Emails

  • Report ANY suspicious emails using the Phish Alarm button in your email menu bar. 
  • Remember: Our organization occasionally sends phishing simulations that are used to evaluate the potential impact of a real phishing attack. Report any emails that match the tactics described above. 
  • If a reported message is a simulation, you will see a notification alerting you to that. No further action is needed on your part. 
  • If a reported message was not a simulation, and you are concerned about a time-sensitive request, you must take additional steps to verify the email is valid before acting on it. 

Tips to Remember (at Work and at Home)

  • Remember that cybercriminals commonly leverage current events in phishing attacks. Global events like the earthquake in Turkey and Syria spark a lot of interest and conversation. Attackers know people will be tempted to engage with emails that mention these kinds of topics.   
  • Remain alert to phishing indicators. Spelling errors are always warning signs, as are mismatches in sending and reply-to addresses. Additionally, never trust any emails that ask for a small donation with the promise of a larger payment in the future. 
  • Always vet organizations prior to donating. It can be tempting to immediately donate to a charity following a high-profile crisis. Be cautious of any requests for donation following a crisis, and instead directly navigate to a trusted charity instead of following emailed links. Additionally, be cautious of any requests for cryptocurrency-based donations, as these are often fraudulent. 
Actual Earthquake Phish
Actual Earthquake Phish
Actual Earthquake phish