Checklist 407: Scams Sparked by SoCal Fires

Scammers Exploit California Wildfires: How to Protect Yourself

In times of crisis, scammers often exploit goodwill and chaos to line their pockets. The recent wildfires in Los Angeles, which have claimed 25 lives, destroyed over 12,300 structures, and forced thousands to evacuate, are no exception. As relief efforts gain momentum, so do fraudulent schemes designed to deceive donors and victims alike.

A History of Crisis-Driven Scams

Podcast hosts highlighted that scammers have repeatedly leveraged crises for their gain. From pandemic-related fraud to financial collapse scams and even emotional manipulation following Queen Elizabeth II’s death, these schemes are nothing new.

Wildfire Scams: Tactics and Tools

A McAfee article sheds light on the latest schemes surrounding the California wildfires:

• Fake Donation Pages and Phishing Attacks: Scammers use generative AI to create realistic, emotionally charged images and convincing messages. AI-generated phishing emails lack the telltale errors of older scams, making them more persuasive and harder to detect.
• Fraudulent Assistance Offers: Posing as aid organizations, scammers target wildfire victims, stealing personal information like bank account details and social security numbers.
• Celebrity Impersonation: Fake accounts featuring stars like Emma Watson and Kim Kardashian promote non-existent charities, exploiting the public’s trust.

Steve Grobman, CTO of McAfee, emphasized the dangers of AI in these scams, noting that “these tools are helping scammers misrepresent reality and exploit public emotions.” Viral but fake images, such as the Hollywood sign engulfed in flames, highlight this growing threat.

Tips to Avoid Scams

To protect yourself, McAfee recommends:

1. Verify Charities: Use trusted resources like Give.org or Charity Navigator. Platforms like GoFundMe now offer verified fundraiser lists.
2. Check URLs and Domains: Look for “https” and the padlock symbol to ensure site security. Avoid misspellings and unusual domain extensions.
3. Avoid Clicking Suspicious Links: Independently research any charity or organization before donating.

Apple’s Charitable Response

Apple has reintroduced donation links across its services, including Apple Music, Apple Podcasts, Apple News, and the App Store. Donations can be securely made to the Red Cross in amounts ranging from $5 to $200.

Final Thoughts

While the urge to help is natural, it’s crucial to stay vigilant. Research donation avenues thoroughly, avoid unsolicited links, and stick to trusted organizations. By taking these precautions, you can ensure your generosity supports those in need without falling victim to scams.

Smishing Scams: How Apple Protects You and What to Watch Out For

Phishing isn’t limited to emails—scammers have long exploited text messaging, a tactic known as smishing (SMS phishing). While Apple offers some protection for iPhone users, scammers are finding creative ways to bypass those safeguards, posing risks even to tech-savvy individuals.

Apple’s Defense Against Smishing

Apple has implemented a security measure to protect users from malicious links. If a text message containing a link is sent from an unknown number or email not listed in your Contacts, iMessage disables the link by default. However, Apple confirmed via a Bleeping Computer report that replying to the message or adding the sender to Contacts will re-enable the link—a potential weak point scammers are exploiting.

How Scammers Exploit the System

Scammers have crafted messages that pressure recipients into enabling links. Two common examples highlighted in the report include:

1. Missed Delivery Scams: Claiming a package will be returned unless action is taken within 24 hours.
2. Toll Payment Scams: Threatening “excessive late fees and possible lawsuits” for unpaid tolls.

These messages include instructions to enable links manually, such as replying “Y” or copying the link into a browser. While these steps may seem unusual, scammers leverage urgency and familiarity to trick victims.

Why This Works

According to Bleeping Computer, scammers capitalize on behaviors users have grown accustomed to, such as responding with “STOP” or “YES” to confirm or opt out of messages. This familiarity makes the request feel legitimate. However, responding confirms to scammers that the recipient is a potential target, increasing the likelihood of future phishing attempts.

How to Stay Safe

Bleeping Computer and security experts recommend:

1. Don’t Reply or Click Links: Ignore messages from unknown senders, even if they appear urgent.
2. Verify Directly: Contact the company or organization directly to confirm the legitimacy of any message.
3. Educate Others: Share this information with friends and family to help protect them from these scams.

Final Thoughts

Smishing scams thrive on urgency, fear, and familiarity. While Apple’s protections reduce risk, user awareness is crucial to avoiding these traps. If you receive a suspicious message, don’t engage—delete it and verify independently.