During the 2025 Los Angeles wildfires, cybercriminals exploited the disaster through various phishing campaigns. Analysis of 119 domains registered between January 8-13, 2025, revealed themes targeting emergency assistance, legal services, and reconstruction efforts. GoDaddy was the most used registrar, and .com the prevalent TLD. Fraudulent GoFundMe campaigns, fake merchandise stores, and wildfire-themed cryptocurrencies were identified. The scams aimed to cause financial losses, harvest personal information, and spread misinformation. Compared to Hurricane Helene, the wildfire scams were more reactive and locally focused. Mitigation strategies include stringent rules for fundraising platforms, continuous monitoring of fake websites, and caution against unverified cryptocurrencies. Author: AlienVault
Related Tags:
natural disaster exploitation
T1583.006
T1608.001
T1583.001
T1586
T1598
T1589
T1585
T1584
Associated Indicators:
lafire25.com
renewlosangeles.com
rebuildlosangeles.net
losangelesbuildingco.com
lafireinsuranceclaims.com
lafiresupport.org
uclafire.org
losangeleshaulingco.com
lawildfire.org