Scammers Exploit California Wildfires: How to Stay Safe  | McAfee Blog

The devastating wildfires sweeping through Southern California have left countless neighborhoods in ruins, forcing thousands to evacuate and destroying homes in their path. While many people across the nation are moved to support those affected, this goodwill often becomes a target for opportunistic cybercriminals. McAfee researchers have discovered that social media networks have been flooded with deceptive images, showing how cryptocurrencies can be used to make donations for fire relief efforts. We believe these to be scams trying to dupe consumers.

Figure 1. Cryptocurrency Donation Requests

Here’s what you need to know to protect yourself from scams while providing genuine help to wildfire victims. 

Why Cyber Scams Spike During Disasters 

Natural disasters and major news events provide fertile ground for cybercriminals. Cliff Steinhauer, Director of Information Security at the National Cybersecurity Alliance, explains that people eager to help during a crisis can act emotionally, skipping necessary steps to verify the legitimacy of donation platforms or relief efforts. 

Scammers watch disaster news closely to craft scams tailored to the event. The emotional urgency surrounding a catastrophe like the California wildfires increases the likelihood of falling victim to these attacks. 

A recent McAfee survey found that 59% of Americans say they or someone they know has been the victim of an online scam. 84% of these people lost money to the scam, with an average loss of $1,471 – and nearly 1 in 10 scam victims lost over $5,000 

The Most Common Disaster-Related Scams 

Many scams during crises fall under the umbrella of social engineering, a tactic where attackers manipulate people into divulging sensitive information or funds. Here are some of the most common schemes to watch out for: 

Fake Donation Pages 

Scammers often create counterfeit websites or social media posts masquerading as legitimate charities. These pages may look convincing but divert donations into the hands of criminals. 

Phishing Attacks 

Emails, texts, and phone calls pretending to be from government agencies or well-known charities may attempt to steal personal data or payment details. 

Fraudulent Assistance Offers 

Victims of disasters are especially vulnerable. Scammers might pose as organizations offering aid, only to harvest sensitive information like bank account details or steal identities. 

Artificial Intelligence-Powered Deception 

Modern scammers use AI to craft phishing attempts that are harder to spot. Unlike older scams with obvious grammar mistakes, AI-generated messages can appear professional and persuasive. 

How to Avoid Becoming Scammed 

Whether you’re donating to wildfire relief efforts or seeking aid, these steps can help protect you: 

Verify Charities and Organizations 

Use trusted resources like Give.org or Charity Navigator to confirm the legitimacy of charities. 

Platforms like GoFundMe now provide verified lists of fundraisers for disaster relief. 

Check URLs and Domains 

Be wary of websites with misspelled URLs or unusual domain extensions. Look for “https” and padlock symbols to confirm the site is secure. 

Avoid Clicking Suspicious Links 

Phishing attempts often come via unsolicited emails, texts, or social media ads. Instead of clicking, go directly to a charity’s official website by typing its address into your browser. 

Scrutinize Social Media Ads 

Not all paid advertisements on platforms like Facebook or Instagram are legitimate. Avoid providing personal or payment information through these channels without verification. 

Watch for Vague Appeals 

Be cautious of campaigns that fail to explain how your donation will be used. Reputable organizations are transparent about how funds are allocated.