Republished on January 18 with warnings that this hacking disaster will only get worse.
It shouldn’t come as a shock given what we’ve seen before — but it likely will. A genuine hacking disaster is heading for Gmail, Apple Mail, Outlook and other email users. But thanks to a new security report, you will at least know what to look out for. Just make sure you don’t fall victim to this, making a nightmare situation even worse.
A new report from Veriti has just warned that “as California grapples with devastating wildfires,” with entire communities affected, “those disasters are serving as fertile ground for cybercriminals seeking to exploit chaos and uncertainty.” The teams says it has identified “alarming trends in phishing scams linked to the ongoing disaster, highlighting the need for heightened cybersecurity awareness.”
The threat will come by way of emails with convincing URLs, which you can click through to get help, to find out more or even to donate. “In just 72 hours,” Veriti says it “identified multiple newly registered domains linked to the California fires.” The URLs are quite clearly targeting victims of the fires, which is unsurprising. By hitting those in need of urgent help and support, the campaign will hit its mark.
Some of those domains can be seen here:
- malibu-fire[.]com
- fire-relief[.]com
- Calfirerestoration[.]store
- fire-evacuation-service[.]com
- Lacountyfirerebuildpermits[.]com
- Pacificpalisadesrecovery[.]com
- boca-on-fire[.]com
- palisades-fire[.]com
- palisadesfirecoverage[.]com
The team gave one specific example of “a subdomain suggesting a phishing attempt designed to lure victims under the guise of fire-related assistance. Such tactics prey on people’s goodwill and desire to support recovery efforts.”
While 2025 is predicted to be the year where such scams will turn more to AI, with more compelling copy and imagery being more likely to successfully defraud people, the use of these simple URLs is decidedly old school. We will no doubt see the same with TikTok’s imminent ban and will continue to see campaigns oriented around global hotspots, mixing charity campaigns with offers of assistance.
“The California wildfires,” Veriti says, “underscore the dual tragedy of natural disasters and cyber exploitation. As hackers continue to refine their techniques, awareness and vigilance are critical in preventing against their attacks. By understanding the methods and tools used by cybercriminals, individuals and organizations can take proactive steps to minimize the risks.”
We have seen repeated warnings in recent weeks, as the holiday season spawned record numbers of attacks and scams targeting users across almost every conceivable email, messaging and browsing platform they might be using. Ultimately, though, successful attacks are all about the lure. And this one has all the right components.
Just don’t click through from any emails or download and open any attachments. If you want to find or offer help or assistance, use a search engine to find the website for organizations you’re familiar with or can find through trusted sources.
There are other scams using the California fires as a lure that you need to beware, with the latest a GoFundMe scam reported Saturday. “A victim of the Palisades Fire is warning the public after a fraudster stole video of her home burning down and used it to scam GoFundMe donors. The victim says family alerted her that a scammer had been using her Ring video. The footage shows flames from the Palisades Fire destroying her home… The scammer claimed he lost his home in the fires and was apparently using the Ring video to deceive potential donors. That GoFundMe has since been taken down.”
Rob Bonta — California’s Attorney General — has warned the public to be wary of such tactics. “We have people with big hearts who want to help, they want to donate, they want to support the victims… We also see scammers who are taking advantage of that goodness and that generosity and scamming and defrauding those individuals.”
As a local Consumer Protection official has warned, “when disasters like this happen, scammers are on the prowl. We’ve seen this time and time again—scammers creating new ways to reach out to people during times of crisis.”
Meanwhile, GoFundMe tells its users that “you can support those affected by donating to the verified fundraisers on this page. Our Trust & Safety team will continue to update this page with more fundraisers as they are verified,” adding that “Verified fundraisers for people affected by the recent wildfires in Los Angeles County.”
The public has also been warned to be extra vigilant given that scammers can now use AI to make their words and images much more convincing than in the past — these days it’s much harder to tell what’s real from what’s not. And he newly secured domains should serve as warning that there’s more to come.
