In the aftermath of the devastating earthquake in Nepal, just like major disasters before it, human nature is often at its best, but for some, it is at its worst. Following major disasters, scammers usually send out floods of email in an attempt to either solicit donations for fake charities, or else to lure users into clicking links containing malware or responding to phishing attempts.
NYU encourages users to take the following measures to protect themselves:
- Do not follow unsolicited web links or attachments in email messages.
- Maintain up-to-date antivirus software.
- Review the Federal Trade Commission’s Charity Checklist.
- Verify the legitimacy of the email by contacting the organization directly through a trusted contact number. Trusted contact information can be found on the Better Business Bureau’s National Charity Report Index.
- Refer to the CERT Security Tip (ST04-014) on Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
If you believe you have already fallen victim to one of these scams, take appropriate action to mitigate risk to yourself. If you responded to a phishing email, change the passwords for accounts associated with your responses and monitor for any suspicious activity from your accounts. If you gave money to what you believe to be a fraudulent charity, contact your banking institution for advice on how to prevent or reverse any unapproved transactions. Finally, scan your computer for any possible infections using an antivirus program such as Symantec Endpoint Protection, available to most NYU community members on the AskITS page of NYUHome.
If you have additional questions, please contact NYU IT Technology Security Services.