State cybersecurity authorities issue warning over Hurricane Florence scams

As Hurricane Florence rips through the East Coast, scammers and hackers will very likely look to exploit the storm for financial gain.
hurricane florence
Cameras outside the International Space Station captured a stark and sobering view of Hurricane Florence the morning of Sept. 12 as it churned across the Atlantic in a west-northwesterly direction with winds of 130 miles an hour. Authorities are warning about online scams in the wake of the storm. (NASA)

As Hurricane Florence rips through North and South Carolina, scammers and hackers will very likely look to exploit the storm for financial gain or other malicious purposes, an inter-state cybersecurity organization has warned.

Florence’s landfall — and the storms that follow — are expected to “propel the emergence of new and recycled scams involving financial fraud and malware,” the Multi-State Information Sharing and Analysis Center (MS-ISAC) said in an advisory Friday.

Hurricane Florence made landfall in North Carolina Friday morning. Though downgraded to a Category 1 storm, Florence has brought flash flood warnings and already caused more than 600,000 power outages in North Carolina, according to the state’s department of public safety.

In recent days there have been a marked increase in registered domains related to Hurricane Florence with words like “compensation” and “funds,” indicating possible fraud, MS-ISAC said. Thirteen domains associated with Florence were registered on Monday, and that number jumped to 51 on Tuesday and 65 on Wednesday, the threat-sharing center added.


The MS-ISAC, which includes representatives from all 50 states, also predicted that malicious computer users will send phishing emails related to Florence that contain embedded malware or attempt to redirect users to infected websites.

The phishing and scamming attempts are expected to continue as the Carolinas recover from the storm.

“It is highly likely that more scams and malware will follow over the course of the recovery period,” the advisory says, cautioning internet users to be careful where they click. New Jersey’s cyberthreat-sharing agency also circulated the notice.

North Carolina’s Department of Information Technology has also warned computer users of phishing expeditions tied to the disaster, as has the Department of Homeland Security’s threat-sharing center.

Scott Aaronson, vice president of security and preparedness at trade group Edison Electric Institute, urged electric customers to “be wary of criminals impersonating electric company employees.”


Opportunistic scammers will try to exploit natural disasters, Aaronson told CyberScoop, adding that electric customers should know that utilities “do not require payment to restore electricity after a natural disaster or other related outage.” 

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts