When tragedy strikes , criminals invariably prey on people ’ s best intentions . Scammers have been using Hurricane Harvey-themed messages to trick Attack.Phishing people into opening phishing emails and links on social media sites , which can steal login information , infect machines with malware , or con victims out of money . US-CERT , a cybersecurity arm of the U.S. Department of Homeland Security , issued a warning about the threat on Monday . “ [ R ] emain vigilant for malicious cyber activity seeking to capitalize on interest in Hurricane Harvey , ” the advisory read . “ Emails requesting donations from duplicitous charitable organizations commonly appear after major natural disasters. ” As the advisory notes , a common scam during and after natural disasters is for fraudsters to pretend Attack.Phishing to set up relief funds and request donations . Fortune has seen several suspicious online profiles and personas that , although their legitimacy couldn ’ t be determined , raised several red flags : a small number of followers , unverified accounts , no apparent links to accredited charities , and no means to track where proceeds go . Zack Allen , threat operations manager at ZeroFOX , a social media-focused cybersecurity startup , says the ruse is a typical one . “ Cybercriminals are opportunists and , sadly , a crisis like Hurricane Harvey is a prime example of their preying on humanity ’ s empathy and trust , ” he wrote in an email to Fortune . “ People all over the world quickly rushed to their social media accounts to find the best avenues to donate to victims , but these same avenues are ideal for scammers who try to convince Attack.Phishing victims to donate to their fraudulent Hurricane Harvey cause. ” Kevin Epstein , vice president of threat operations at Proofpoint ( pfpt , +1.21 % ) , a cybersecurity firm that provides email protection , said that in recent days he has seen hurricane-related snares such as “ see this terrifying video ” or pleas to “ donate to the relief effort. ” One PDF attachment titled “ hurricane harvey – nueces county news release 11 – it ’ s your chance to help.pdf ” prompted people , when opened , to enter their email username and password , he told Fortune . It ’ s common for fraudsters to take advantage of news du jour to bait Attack.Phishing prospective victims . “ Consistently , attackers use world events as themes for their attacks , ” said Oren Falkowitz , CEO at Area1 Security , a cybersecurity startup that fights phishing Attack.Phishing . He noted that attacks related to tax season and national elections were examples of recent popular lures . A few tips you can use to stay safe : First , keep your software up to date . Hackers often try to compromise devices running outdated software that has security holes . Second , be careful what you click : Don ’ t accept or open unsolicited content from untrusted sources . ( You should even be wary of trusted contacts , as they too may have been compromised . ) Third , be sure the organizations to which you ’ re contributing money are legitimate . Here ’ s a rundown of some reputable charities assembled by Fortune . US-CERT further recommends reviewing these safety guidelines from by the Federal Trade Commission for Hurricane Harvey-related charitable giving , and cross-checking organizations on this directory of national charities from the Better Business Bureau .