From Disaster to Deception: How Fraudsters Are Preying on FEMA’s Hurricane Relief Efforts
David Maimon
Published November 14, 2024
"Never let a good crisis go to waste."
Unfortunately, this is a saying widely embraced by fraudsters on the dark web. From natural disasters to economic downturns, major crises affecting American consumers often involve state and federal government intervention in the form of financial assistance. When millions or billions of dollars in taxpayer funds need to be disbursed quickly to disaster victims, fraudsters will do everything possible to intercept or redirect those funds for their own illicit gain. Recent events demonstrated this clearly.
In late September and early October, Hurricanes Helene and Milton struck the southeastern region of the United States. These major storms caused widespread destruction and significant loss of life. In Florida, Helene caused catastrophic damage, particularly in the Big Bend region. Coastal communities were flattened, and storm surges reached up to 20 feet in some areas. In response to the widespread devastation, federal and state agencies launched extensive relief operations. The Federal Emergency Management Agency (FEMA) coordinated with local authorities to provide aid, including search and rescue missions, distribution of essential supplies, and infrastructure repair. Moreover, FEMA has allocated disaster funds to be distributed among the storm victims, aimed at covering a wide range of costs including displacement, medical needs, home repair, and rental assistance, just to name a few.
Unfortunately, alongside genuine victims of the storm, FEMA's relief efforts have also attracted the attention of fraudsters. On October 10, 2024, a fraudster we monitor on Telegram shared a post (below) alerting others in his network to this government resource, boasting that he had already submitted ten fraudulent applications. He went on to encourage his followers to share information on Florida residents that could be used to file additional fraudulent relief claims.
On October 13, 2024, the first tutorial for the submission of fraudulent disaster relief applications became available across the online fraud ecosystem. The tutorial included a list of screenshots taken from FEMA's disaster relief application portal, walking would-be fraudsters step by step through the process.
Alongside the tutorial, the fraudster compiled a list of guidelines and resources for those interested in committing this type of fraud. For instance, in the images below, you can see the fraudster advertising a list of Tampa residents’ “Fullz” (full personal information, including name, date of birth, Social Security number, and address) for sale, and even advising that people following their tutorial use a VPN, Tor, or a proxy to obscure their true IP address:
The fraudster even provided a tutorial on how to access a bank account via mobile devices and link it to the fraudulent application. (To protect the bank in question, we're not going to include these screenshots.)
Within hours, these images spread across multiple Telegram marketplaces, reaching hundreds of thousands of users. Indeed, in just one of these markets, the content was viewed by over 76,000 individuals.
On October 21, several new screenshots surfaced within online fraud communities, appearing to depict at least one successful fraudulent disaster relief application. The collection of screenshots below appears to confirm the applicant's eligibility for federal assistance and shows what appears to be a deposit of FEMA funds into the fraudster's account in the amount of $700.
It took the online fraud ecosystem about two weeks after these hurricanes to mobilize, develop their strategies and resources, and begin selling their knowledge of how to defraud disaster relief programs. While we don’t yet know the full extent of the fraudsters' success in achieving their malicious aims, there is strong reason to believe that the use of stolen identities exacerbates the challenges for genuine victims coping with the disaster’s aftermath.
Additionally, the use of stolen identities to submit large volumes of fraudulent disaster relief applications can clog FEMA’s processing pipelines and increase wait times for real victims, potentially resulting in significant financial losses. As we saw during the COVID-19 pandemic, and as is still plainly the case today, government relief programs that prioritize speed at all costs risk creating vulnerabilities that can be exploited by increasingly sophisticated online fraud actors.
This blog is part of a series called Dark Corners: Research Notes from the Dark Web.