Disasters bring out the best in people; they also bring out the worst in people.
The current California wildfires are bringing out the best in people through acts of bravery and community support, including an outpouring of donations.
They’re also bringing out the worst in people as cybercriminals and scammers use the wildfires as another opportunity to take advantage of people’s desire to help, lining their own pockets instead of providing badly needed aid.
As with any major event, the best way to help those affected, while protecting yourself, is to be careful to avoid scams and make sure your donations get to those affected rather than scammers and cybercriminals.
The good news is that there are some simple steps you can follow to help protect yourself.
1. Give to known, reputable charities: Scammers set up fake charities and abuse the brands of existing aid organizations. For the California wildfires, the Governor’s Office of Emergency Services has set up a special website that lists organizations you can give to that will help those affected by the wildfires (https://response.ca.gov/donate.html). Also, avoid “crowdfunding” campaigns: you just can’t be sure who’s going to get that money.
2. Don’t click links: If you get emails or SMS messages asking for donations, don’t click on the links. Instead, go to a reputable charity’s site directly by typing the website address in your browser. If you’re not sure of the right link for a charity, you can go to the page the Governor’s Office of Emergency Services has set up.
3. Verify the website: All reputable charities use secure websites for their donations. This helps keep your information safe. It also gives you a way to verify the website really is who it says it is. You can verify the website by clicking on the “lock” icon in your browser and checking the certificate it shows – it isn’t enough to simply see the lock icon since cybercriminals frequently use legitimate certificates to secure their own fraudulent websites. Here is an example of the certificate for the Governor’s Office of Emergency Services site.
4. Make the call yourself: Charity scams often happen through calls you receive or people who show up at your door. You can’t be sure an operator on an unsolicited phone call or someone at your door really is working for who they say they are. Your best bet is to give online through the charity’s website or by calling on a number listed on their website.
5. Finally, if you need information about the fires, power outages, or fire recovery resources, make the California Governor’s Office of Emergency Services site your first stop (http://response.ca.gov). It’s your best, most trustworthy source and gateway to other resources.
When it comes to disasters, cybercriminals follow crowds and unfortunately actively lure victims by pretending to represent legitimate causes. They may make use of fake websites, spoofed emails, and fraudulent ads and social media posts—and we encourage donors to proceed with caution. Organizations, for their part, should implement layered defenses at the email gateway, network edge, and endpoint to protect against malicious content, links, and more.