Cybersecurity blog Cybersecurity blog
After the Storm: Beware of Disaster Cyber Security Attacks
Facebook Twitter LinkedIn

After the Storm: Beware of Disaster Cyber Security Attacks

blank
Sindri Bergmann
7 min read ∙ Sep 8, 2021
blank
This short video explains how ransomware works and how to stop it

Sometimes, emergencies can bring out the best in people and the community, but that is not always the case. In the immediate follow up of natural catastrophes, so-called disaster scams have been on the rise. For example, in the first month of the Covid-19 pandemic, there was a considerable rise in Covid-19 disaster cyber security attacks.

Scammers used the feeling of vulnerability to manipulate people emotionally. Following big global events and catastrophes such as hurricanes and earthquakes, fraudsters will take advantage of the situation. They will abuse the vulnerability of real victims and the empathy of observers to obtain valuable personal information or money.

People living in places where the prelude to a natural catastrophe can be predicted should be especially aware. This gives scammers time to plan and act immediately during and after the event. Although these disaster scams can happen anywhere and for all kinds of big events.

Why Worry About Cyber Security Attacks?

Natural catastrophes and disasters can strip people of the sense of security they are accustomed to. People experiencing a natural catastrophe or other kinds of disasters are emotionally and even physically vulnerable.

They want to do whatever necessary to protect themselves and their assets. Unfortunately, this means they are prime targets for various types of disaster cyber security attacks. This, in turn, can lead to identity theft or even ransomware attacks onto their computer systems.

Disaster scams are not only directed at the people immediately affected by the catastrophe. People generally want to help so innovative scammers create fake charities to prey on those helpful people.

Let’s take a better look at what natural catastrophes and disaster cyber security attacks look like and how we can protect ourselves from them!

3 Main Types of Cyber Security Attacks

The main aim of disaster scams is generally to solicit money from the target victims. However, in recent years cyber security attacks that center around gaining access to personal information or infecting devices have been on the rise. There are three main ways scammers reach out to their victims:

  1. Phishing is when an attacker sends fraudulent messages to their victim in the hope of gaining valuable information or deploying malware, such as ransomware, into their computer systems. Phishing is generally done via email but can also take place via other mediums such as short messages.
  2. Vishing is the equivalent of phishing via voice – or a phone. Voice-phishing or “vishing” is when a scammer calls their victims. They will try to trick them into giving out social security numbers or lure them into transferring money. Vishing attacks sometimes use spoofing techniques, making their incoming call look legit at first. Still, the conversations go into questionable avenues, such as asking for personal information or a money transfer.
  3. Smishing is a phishing attack via text messages. In some cases, they contain a link where the victim is redirected to a web page asking for sensitive personal information. In worst-case scenarios, they can infect your device with ransomware.
Smartphone ringing on a white crochet table cloth indicating a vishing cyber security attack.


These three common methods of scamming all rely on social engineering to try to make their attempts legitimate. As a result, these cyber security attacks can look very convincing. They take advantage of the crisis and when people are desperate to get help.

3 Types of Disaster Cyber Security Attacks to Watch Out For

Digital disaster scams come in many forms but they all have some things in common. They want to gain important information about you, request money, or in some cases, infect your devices with malware.

Government Relief Fund Cyber Security Attacks

Government relief fund scams are a type of disaster scam that target the most vulnerable. They create hope that assistance is on the way. They can take the form of phishing emails, vishing phone calls, or smishing.

Most commonly these types of disaster cyber security attacks ask people for very personal information, such as their social security number or credit card numbers. They can often look very convincing, not least in desperate situations. But be aware:

  • Government agencies do not contact you directly via email, phone, or text to ask for your financial or social security information.
  • Government agencies will never try to get you to rush to accept something or do something when on the phone. However, a common tactic amongst scam artists is to create a sense of urgency. In times of despair, that can be very effective. If something sounds off, hang up and report the call to the proper authorities.
  • Government officials never ask for money to provide services that they are legally obliged to do in the event of a disaster.
  • Never enter your email address and password into forms that appear to be from government agencies. If the disaster scam relies on you signing up for something, check whether the site is legitimate first. Always use a unique password and, if possible, username, to protect your other accounts.

Charity Cyber Security Attack

Following dramatic events, such as a devastating hurricane or an earthquake, people are often willing to help by donating money to charities. This type of disaster scam is a favorite amongst scammers. It plays with people’s empathy and potential helplessness in times of trouble.

Charity scams target a wider population than just the disaster victims and usually pop up and disappear very quickly.

Caucasian hands of a grown up and a child holding wood blocks that spell out "give" on a blue wooden background. Indicating disaster cyber security attacks around donations after a catastrophe.


Charity scams are not only there to get your money. They can also be about getting your personal information such as bank account information, social security, or even your login information for your email or social media. To protect yourself from charity scams:

  • Never donate to charity organizations with gift cards, wire-transfers, cryptocurrency, or even cash. If you wish to donate to an unfamiliar organization, it is safer to do so via credit card.
  • If you feel a sense of urgency from the charity in receiving the donation, then that might be a good indicator of the charity being a scam. The sense of urgency makes people act without thinking and is always a sign of something being amiss.
  • Make sure to check where the donations are going and ask pointed questions about how the donations will be spent. There are charity watch-dogs out there, such as GuideStar and Charity Watch. These specialize in reviewing charities and spotting charity scams.

Tech Support Cyber Security Attacks

During natural disasters, it becomes even more apparent how reliant we are on technology. For example, infrastructures such as phone lines or electric lines might get disrupted during extreme weather like hurricanes or other natural disasters. Depending on the area, this means that the victims are without electricity or internet for some time.

Some malicious actors might use that to contact people in the immediate post-disaster period. They offer tech support for them to get back on track as quickly as possible. These tech support scams can vary, depending on the situation but be aware:

  • If you get an unsolicited call from someone claiming to be tech support, be suspicious, this could be a disaster scam. Genuine tech support would never ask you to transfer money via gift cards, cryptocurrency, or wire transfer to assist you.
  • Never give up your passwords or personal identifiable information such as social security numbers or credit card information.
  • If you get emails about suspicious logins or that a package could not be delivered because of the situation, be cautious. Check the links before clicking on them!

Stay Cyber-Safe Post-Disasters

Physical security should always be a top priority during a natural catastrophe. However, the cyber world is such an integral part of our lives that we must be vigilant on that front too. Hackers and scammers are becoming more adept at social engineering and emotional manipulation.

We need to be extra careful, not least in times of crisis. Be careful what information you share with people online or over the phone and what links you click in emails or text messages. Disaster cyber security attacks use these common tactics to gain information or access. Take care, and stay safe!

blank
Sindri Bergmann
7 min read ∙ Sep 8, 2021

Become cyber secure

You and your employees are going to love AwareGO. It’s a modern, cloud-based system for managing human risk, from assessment to remediation. We’ve made it super easy — schedule your first assessment or training in minutes.

Get started for free and give it a go right now.

You’ll love the way AwareGO can fit into your existing infrastructure. Our robust APIs, widgets, and content available in SCORM format make sure that the integration is seamless. We also integrate with Active Directory, Google Workspace, and popular tools like Slack and Teams.

Contact us and our experts will recommend the best way to integrate.

Upgrade your cybersecurity business by adding human risk management to your existing portfolio of services. Increase your deal size by leveraging Human Risk Assessment or offering Security Awareness Training to your current customers and creating a new revenue stream.

Contact us to become an AwareGO partner, and we will support you every step of the way.

Join top companies worldwide in the mission to make workplaces cyber-safe

Get started free
blank blank blank blank blank blank blank blank blank blank