Threat Research Report: Malicious Domain Activity During the Los Angeles Wildfires

Published 17/01/2025 18:13 · Modified 20/01/2025 09:59

Essential information

Tags
2025-01-17 los angeles wildfires natural disaster exploitation phishing social engineering
Related entities
119 observables, 9 techniques (mitre), 1 others

Description

During the 2025 Los Angeles wildfires, cybercriminals exploited the disaster through various campaigns. Analysis of 119 domains registered between January 8-13, 2025, revealed themes targeting emergency assistance, legal services, and reconstruction efforts. GoDaddy was the most used registrar, and .com the most prevalent TLD. Fraudulent GoFundMe campaigns, fake merchandise stores, and wildfire-themed cryptocurrencies were identified. The scams aimed to cause financial losses, harvest personal information, and spread misinformation. Compared to Hurricane Helene, the wildfire scams were more reactive and locally focused. Mitigation strategies include stringent rules for fundraising platforms, continuous monitoring of fake websites, and caution against unverified cryptocurrencies.

External references