Cybercriminals Exploit Disaster Headlines With Fake Charity Emails, FBI and Experts Warn

Surge in donation scams during crises

The FBI is advising the public to heighten vigilance after observing a spike in phishing campaigns that piggy-back on natural disasters and other mass-casualty events. Fraudsters circulate emails that impersonate relief organisations, urging recipients to donate through links that instead siphon funds, steal credentials or install malware.

Domains registered within hours of a headline

Threat-intelligence firm DomainTools recently analysed newly minted web domains tied to high-profile disasters and viral news stories. The team recorded more than 106 million new domain names in 2024 alone—an average of 289 000 each day—and found that a measurable proportion were designed to mimic legitimate aid sites. Examples linked to the ongoing California wildfires included straightforward names referencing hard-hit communities and evacuation services. Similar patterns emerged for the Myanmar earthquakes, the war in Ukraine and other humanitarian crises.

Technical and social cues of a scam

Investigators note that many fraudulent emails are sent from free web-mail addresses and redirect users to unfamiliar web domains. Some campaigns rely on urgency tactics—claims that donations must be made immediately to save lives—while others pose as individuals supposedly stranded without resources. In many cases, the embedded links deliver credential-harvesting pages or covert malware downloads.

Security analysts recommend checking sender addresses, inspecting domain registration details and verifying charities through independent channels before donating. They also advise against transferring money or cryptocurrency to any entity encountered only through unsolicited messages.

Repeated warnings, ongoing risk

Earlier this year, security vendor Veriti flagged a wave of disaster-themed phishing tied to California’s wildfire season, identifying multiple malicious domains within 72 hours of major outbreaks. Despite public advisories from state authorities and federal agencies, scammers continue to exploit breaking news cycles, knowing that widespread media coverage and public empathy increase the likelihood of impulsive clicks.

Practical steps for users

• Delete suspicious emails immediately. Do not engage with links or attachments claiming to collect emergency donations.

• Verify through official channels. Cross-check charity names on government registries or recognised non-profit directories.

• Watch for urgency pressure. Legitimate organisations rarely request instant payment without proper verification.

• Apply the same caution to texts. Smishing campaigns mirror phishing tactics and target mobile users with disaster-related lures.

As wildfire season intensifies and global crises persist, cyber-fraud will track each headline. Careful scrutiny of donation appeals remains the most effective defence against these opportunistic attacks.

Photo Credit: DepositPhotos.com