Cybercriminals use Hurricane Ian as lure for scams, theft of FEMA funds

Scammers are using the crisis faced by victims of Hurricane Ian to steal government funds and personal information, according to experts at several cybersecurity companies.

Hurricane Ian — the deadliest hurricane to strike the state of Florida since 1935 — directly caused the death of at least 137 people and $67 billion in insured losses. Thousands of people were displaced by the destruction caused by the category 4 hurricane.

But as recovery efforts coalesce, Cofense principal threat advisor Ronnie Tokazowski said he has seen evidence showing scammers are going after relief funds available to those in need from the Federal Emergency Management Agency (FEMA). 

One of the images shared by the scammers. (Tokazowski)

Tokazowski said a colleague in Nigeria shared screenshots with him of hackers speaking on WhatsApp about ways to steal disaster relief assistance. The screenshots show scammers instructing people of ways they can file fraudulent claims on

“In the first image, scammers instruct other scammers to select the option of ‘Hurricane/Hail/Rain/Wind Driven Rain’ as what type of damage occurred, and to select the option of ‘Tornado/ Wind’ damage,” he said. 

“In total, the documents and images shared by scammers are a total of 23 different steps, each of which details what to say, how to fill out the application, and what type of information can be used to file a fake claim. To note, the social security numbers (SSN) that are being used could be stolen, bought from the internet, or a variety of either.”

The scammers also use a platform called “” to check whether the stolen SSNs are verified and when they were created. In some cases, scammers may use romance-based schemes to get SSNs from victims, according to Tokazowski, who added that with the amount of information freely available on the dark web, there is little reason for attackers to pivot and start phishing for account information.

Tokazowski noted that the scammers typically use the same IP address and email account to submit their claims. 

Another screenshot shared by the scammers. (Tokazowski)

FEMA did not respond to requests for comment but Tokazowski told The Record that they have been in contact with the Secret Service, which told them that the agency is aware of the scams. 

He noted that Nigerian groups like Scattered Canary have been stealing FEMA funds since 2018 and did significant damage stealing funds dispersed during the COVID-19 pandemic. 

According to Tokazowski, while many of the groups launching these scams are based in Nigeria, they have money mules or accounts in the United States that are used to launder and wire the stolen money.

Contractors and donations

Several other cybersecurity experts confirmed that they too are seeing a wide array of scams related to stealing funds meant for Hurricane Ian victims. 

INKY’s Bukar Alibe said they have seen phishing scams related to the recent hurricane that originate from free mail senders like and 

“One campaign was sent to 112 recipients with the subject line of “RE; your family relatives who died during the last Hurricane.!!!” and a display address of “Natural Disaster Center.’ We have also seen the Red Cross and Small Business Administration being impersonated in phishing emails that claim to provide relief,” Alibe told The Record. 

“All had no links and attachments so it’s an assumption that phishers are using social engineering to get the recipient to reply back or call a phone number.”

SlashNext CEO Patrick Harr explained that they are seeing thousands of scams and credential stealing attacks. 

Many are scams centered around offering contractor services like painting, repair and clean-up. 

Dr. Francis Gaffney, senior director of threat intelligence at Mimecast, explained that scammers are also exploiting generosity in relation to the hurricane, sending spoofed emails containing URL links to cloned or fake charity websites that can be used to harvest user credentials, and financial data.

Gaffney and Herr urged those affected by the hurricane to be wary of sharing personal information with anyone. People should input any web address into the search bar and confirm that checks are undertaken to guarantee the authenticity of any organization and their online presence, Gaffney explained.

Both also warned of people being contacted by scammers alleging to be from the government, with Gaffney suggesting people look for the “.gov” tag to make sure an email address or website is legitimate. 

“People that reach out to say they are government agencies are not likely to be legit and giving personal information to contractors or insurance adjusters is not wise,” Herr said. 

“The best course of action is to initiate the contact or conversation yourself and check with government agencies, insurance companies and contractors to verify credentials, legitimate URLs and phone numbers.”

The post Cybercriminals use Hurricane Ian as lure for scams, theft of FEMA funds appeared first on The Record by Recorded Future.

Article Link: Cybercriminals use Hurricane Ian as lure for scams, theft of FEMA funds - The Record by Recorded Future