US-CERT recently warned users of potential email scams citing the earthquake in Nepal. The scam emails may contain links or attachments that may direct users to phishing or malware infected websites. Phishing emails and websites requesting donations for fraudulent charitable organizations commonly appear after these types of natural disasters.
Users are encouraged to take the following measures to protect themselves:
- Do not follow unsolicited web links or attachments in email messages.
- Maintain up-to-date antivirus software.
- Review the Federal Trade Commission’s Charity Checklist.
- Verify the legitimacy of the email by contacting the organization directly through a trusted contact number. Trusted contact information can be found on the Better Business Bureau National Charity Report Index.
- Refer to the Security Tip (ST04-014) on Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.