Scammers Are Targeting Hurricane Relief Funds Through FEMA

October 12, 2022

By: Ronnie Tokazowski

Just like with other natural disasters, scammers are trying to utilize these terrible situations to their advantage. In the wake of Hurricane Ian many Floridians are displaced, just like those in Louisiana and Mississippi after Hurricane Ida in 2021, with both storms responsible for billions of dollars in damages as well as loss of life.

There is now evidence that shows scammers are going after relief funds available to those in need from FEMA. Scammers are actively sharing tutorials and documents with criminal networks on how to steal relief funds for those in need.

Here’s what we know.

Recently, a Nigerian colleague shared screenshots about disaster relief assistance that were circulating in different hacker WhatsApp groups. While these may appear to be simple screenshots of someone filling out a regular form with DisasterAssistance.gov, in context they are instructions that scammers can use to file fraudulent claims. In the first image, scammers instruct other scammers to select the option of “Hurricane/Hail/Rain/Wind Driven Rain” as what type of damage occurred, and to select the option of “Tornado/ Wind” damage.

Image 1. Screenshot of fraudulent loan application filed by scammers as a tutorial to commit fraud.

In total, the documents and images shared by scammers cover 23 different steps, each of which details what to say, how to fill out the application, and what type of information can be used to file a fake claim.

Image 2. Application instructing user to fill out hotel accommodations

Image 3. Entering address of where damage happened

Image 4. Confirming name, birthday, social security number, and email account

The intent of these fake returns is to make claims to FEMA that appear real and get accepted, in order to steal money from the government. While these screenshots were taken in response to Hurricane Ida, our source in Nigeria says that scammers are actively using this tactic to steal funds from FEMA. Note that the social security numbers being used could be stolen, bought from the internet, or a mix of both.

Image 5. Reference of Hurricane Ida

In addition, one of the screenshots shows a submitted FEMA application with a reference to “ssn-check.org”, a website which can be used to verify the existence of a social security number. The site also shows the timeframe in which the SSN was created, giving the attackers another form of verification when they’re filing these false claims.

And as proof of success of this scam, the scammers also provided the criminal network with a final screenshot showing the submitted application.

Image 6. Successful FEMA application

While it may be difficult to identify fraudulent returns simply by how the forms are filled out, scammers routinely come from the same IP address, use the same email accounts, or make use of the Google dot bug to register multiple claims from the same account.
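One way a reviewer could surface the reuse patterns described above, as an added example that is not Cofense's or FEMA's code: it collapses Gmail dot variants to one canonical mailbox and groups claims that share that mailbox or a source IP. The record fields (`id`, `email`, `ip`) and the sample claims are constructed assumptions, and the handling of `+tag` suffixes and the `googlemail.com` alias goes beyond the dot trick named in the article.

```python
from collections import defaultdict

# Gmail delivers these two domains to the same mailbox.
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}


def canonical_email(addr):
    """Collapse address variants that Gmail delivers to a single mailbox."""
    local, _, domain = addr.strip().lower().rpartition("@")
    if domain in GMAIL_DOMAINS:
        # Gmail ignores dots in the local part and anything after a '+'.
        local = local.split("+", 1)[0].replace(".", "")
        domain = "gmail.com"
    return f"{local}@{domain}"


def cluster_claims(claims, threshold=2):
    """Return {(kind, value): [claim ids]} for every canonical mailbox or
    source IP that appears on at least `threshold` claims."""
    groups = defaultdict(list)
    for claim in claims:
        groups[("email", canonical_email(claim["email"]))].append(claim["id"])
        groups[("ip", claim["ip"])].append(claim["id"])
    return {key: ids for key, ids in groups.items() if len(ids) >= threshold}


# Constructed sample records (hypothetical schema, documentation IP ranges).
SAMPLE_CLAIMS = [
    {"id": "A1", "email": "john.doe@gmail.com", "ip": "198.51.100.7"},
    {"id": "A2", "email": "j.ohndoe@gmail.com", "ip": "203.0.113.9"},
    {"id": "A3", "email": "johndoe+ida@googlemail.com", "ip": "203.0.113.9"},
    {"id": "A4", "email": "jane@example.org", "ip": "192.0.2.44"},
    # Dots are significant outside Gmail, so this address is left as-is.
    {"id": "A5", "email": "John.Doe@example.org", "ip": "192.0.2.45"},
]

if __name__ == "__main__":
    for (kind, value), ids in sorted(cluster_claims(SAMPLE_CLAIMS).items()):
        print(f"{kind:5} {value:22} -> {ids}")
```

A shared IP alone is weak evidence, since shelters, libraries and mobile carriers put many legitimate applicants behind one address, so clusters like these are leads for manual review rather than verdicts.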

And as horrible as it sounds, scammers are quick to jump on the bandwagon when other humans are in need. FEMA is aware that scammers are targeting their platforms with fraud; however, they need to increase vigilance as scammers are actively moving to steal funds as quickly as possible. In addition, users may receive mail at their address stating that they received funds. If you didn’t file, tell FEMA! Be on the lookout for other types of FEMA fraud, and if you see anything, make sure to report it to FEMA.