Phillipines Typhoon Email Scams and Phishing Attacks

Email professionals know that whenever there's a natural disaster - regardless of how terrible - spammers and malware writers are quick to try and exploit it. In this case, emails that try to look like charitable organizations try to get people to visit malware-laden websites. US-CERT just released a note on these scams: US-CERT encourages users to take the following measures to protect themselves:

• Do not follow unsolicited web links or attachments in email messages
• Maintain up-to-date antivirus software
• Review the Recognizing Fake Antivirus document for additional information on recognizing fake antivirus.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for additional information on social engineering attacks.
• Refer to the Recognizing and Avoiding Email Scams (pdf) document for additional information on avoiding email scams.
• Review the Federal Trade Commission's Charity Checklist.
• Verify the legitimacy of the email by contacting the organization directly through a trusted contact number. Trusted contact information can be found on the Better Business Bureau's National Charity Report Index.

At CudaMail we're constantly updating our filters and are keeping a watch on developing attacks. Original story: https://www.us-cert.gov/ncas/current-activity/2013/11/12/Philippines-Typhoon-Disaster-Email-Scams-Fake-Antivirus-and