Products
Products
Detection
Intelligence
About Cofense
About Cofense
Leadership
Free Tools
Free Tools
Build Resilience
Create Transparency
Speed Response

Welcome to the Cofense Blog

Get the latest information on phishing threats and trends, BEC, ransomware and credential phishing, plus Cofense product updates.

Follow us on Social Media

Scammers Are Targeting Hurricane Relief Funds Through FEMA

Scammers Are Targeting Hurricane Relief Funds Through FEMA

By: Ronnie Tokazowski

Just like with other natural disasters, scammers are trying to utilize these terrible situations to their advantage. In the wake of Hurricane Ian many Floridians are displaced, just like those in Louisiana and Mississippi after Hurricane Ida in 2021, with both storms responsible for billions of dollars in damages as well as loss of life.

There is now evidence that shows scammers are going after relief funds available to those in need from FEMA. Scammers are actively sharing tutorials and documents with criminal networks on how to steal relief funds for those in need.

Here’s what we know.

Recently, a Nigerian colleague shared screenshots which were circulating different hacker WhatsApp groups about disaster relief assistance. While these may appear to be simple screenshots of someone filling out a regular form with DisasterAssistance.gov, the context of these images is something that scammers can use to file fraudulent claims. In the first image, scammers instruct other scammers to select the option of “Hurricane/Hail/Rain/Wind Driven Rain” as what type of damage occurred, and to select the option of “Tornado/ Wind” damage.

Image 1. Screenshot of fraudulent loan application filed by scammers as a tutorial to commit fraud
 

In total, the documents and images shared by scammers are a total of 23 different steps, each of which details what to say, how to fill out the application, and what type of information can be used to file a fake claim.

Image 2. Application instructing user to fill out hotel accommodations
 

Image 3. Entering address of where damage happened
 

Image 4. Confirming name, birthday, social security number, and email account
 

The intent of these fake returns is to make claims to FEMA that appear real and get accepted, in order to steal money from the government. While these screenshots were taken in response to Hurricane Ida, our source in Nigeria says that scammers are actively using this tactic to steal funds from FEMA. To note, the social security numbers that are being used could be stolen, bought from the internet, or a variety of either.

Image 5. Reference of Hurricane Ida
 

In addition, one of the screenshots shows a submitted FEMA application with a reference to “ssn-check.org”, a website which can be used to verify the existence of a social security number. In addition, ssn-check shows a timeframe that the SSN was created, allowing the attackers another form of verification when they’re filing these false claims.

And as proof of success of this scam, the scammers also provided the criminal network with a final screenshot showing the submitted application.

Image 6. Successful FEMA application
 

While it may be difficult to identify fraudulent returns simply by how the forms are filled out, scammers routinely come from the same IP address, use the same email accounts, or make use of the Google dot bug to register multiple claims from the same account.

And as horrible as it sounds, scammers are quick to jump on the bandwagon when other humans are in need. FEMA is aware that scammers are targeting their platforms with fraud, however they need to increase vigilance as scammers are actively moving to steal funds as quickly as possible. In addition, users may receive mail to their address stating that they received funds. If you didn’t file, tell FEMA! Be on the lookout for other types of FEMA fraud and if you see anything, make sure to report it to FEMA.