California’s deadly wildfires present opportunity for email scammers

The gift card schemes are very low-tech, but they take advantage of people's sympathies after a deadly natural disaster, an email security consultant says.
The Woolsey Fire burned 97,000 acres in Southern California. (Getty Images)

The deadly and destructive wildfires that swept across California this month are a ripe opportunity for cybercriminals looking to swindle victims and individuals looking for ways to contribute to recovery efforts, a cybersecurity firm has warned.

Agari, which specializes in email security, issued an advisory last week that email scams referencing the Camp Fire, which has killed 88 people and burned 153,000 across Northern California, and the Woolsey Fire, which killed three and scorched 97,000 acres just north of Los Angeles, are already surfacing.

In particular, some of the scam attempts target workplaces by impersonating chief executive officers asking employees to chip in for gift cards.

One attempt discovered by Agari is a note from a person claiming to be a company’s CEO, asking the recipient to buy four cards worth $500 each on Google Play, through which the search giant sells apps, music, movies and mobile devices. (Agari did not identify the company.) The message itself is sloppily composed and full of obvious grammatical mistakes, but it makes reference to the recent wildfires.


“Please get the me the Google Play gift cards. $500 denomination, I need $500 X 400 cards,” the note reads. “We have some few clients caught up in the California wildfire disaster I urgently need to send gift assistance.”

If the recipient actually purchases the cards and replies, he or she is then asked for the cards’ serial numbers, which can then be redeemed by the scammer.

John Wilson, Agari’s field chief technology officer, said the message’s composition is a sign it likely originated in Nigeria, which he said is a hotbed for email scams. But the mention of fires in California suggests the would-be scammers are at least abreast of events that could solicit money from people looking to help the victims.

“It’s a very low-tech scam,” Wilson said. “They’re Nigerian teenagers and young adults. The more the disaster is publicized the more likely someone in Nigeria heard about it and was able to put that to use.”

Online scams are common occurrences after natural disasters. During Hurricane Florence, which battered the East Coast in September, the North Carolina Department of Information of Technology warned residents to be cautious of solicitations for storm relief, stating that efforts to steal people’s personal identifying information or money can often come dressed like a charitable appeal. The U.S. Department of Homeland Security and Multi-State Information Sharing and Analysis Center issued similar advisories.


Such attempted cybercrimes tend to be “spray and pray” efforts, Wilson said. Perpetrators, he said, usually begin by finding the name of a company’s CEO, then the email addresses of some of that firm’s workers, who are sent a message from a phony address posing as the boss. But Wilson added that the typically poor grammar of the emails and the obvious fact that a gift card for apps and songs is not very useful in a wildfire shows that the scams are not actually that complex.

“If that was properly worded and was asking for something like an Amex gift card useful to someone who just lost their home it might work,” he said. “This seems to be a half-assed effort if you ask me.”

Still, at least a few of these scams are successful. Wilson said many of Agari’s clients receive at least five attempts per week that make it past basic email spam filters. And email scams are increasingly shifting toward payments in gift cards, he added, saying that financial institutions have gotten better at detecting fraudulent wire transfers and reporting them to law enforcement.

Losses due to online gift card scams are on the rise, according to the Federal Trade Commission, which reported $40 million in consumer losses in 2017 and $53 million through the first nine months of this year.

Benjamin Freed

Written by Benjamin Freed

Benjamin Freed was the managing editor of StateScoop and EdScoop, covering cybersecurity issues affecting state and local governments across the country. He wrote extensively about ransomware, election security and the federal government’s role in assisting states and cities with information security.

Latest Podcasts