The email or letter looks official , and it contains an attention-grabbing message : The state is holding on to your unclaimed property , which may be worth hundreds of thousands of dollars . All you have to do is pay a fee upfront or provide your personal information and the money is yours . But the letters and emails are the work of scammers , not state officials . A growing number of people across the country are receiving Attack.Phishing these messages and some are falling for them , losing thousands of dollars or becoming victims of identity theft in the process . “ These scams are just rampant , ” said David Milby , director of the National Association of Unclaimed Property Administrators ( NAUPA ) , which represents state unclaimed property programs . “ The email from the public we ’ ve been getting about this has increased tenfold in the past year. ” Some scammers pretend Attack.Phishing they work for NAUPA and have even used its letterhead to make their pitch . Besides costing victims money , consumer advocates say this kind of fraud diminishes public trust in state agencies that handle unclaimed property and makes it harder for them to do their jobs . Unclaimed property is cash or other financial assets considered lost or abandoned when an owner can ’ t be found after a certain period of time . It includes dormant savings accounts and CDs , life insurance payments , death benefits , uncashed utility dividends and the contents of abandoned safe deposit boxes . There is plenty of it . In 2015 , unclaimed property agencies in the U.S. collected $ 7.8 billion and returned $ 3.2 billion to rightful owners , according to NAUPA . At last count in 2013 , states were holding on to $ 43 billion in unclaimed property . The treasurer , comptroller or auditor of each state maintains a list of abandoned property and runs an online database that anyone can search by name for free . Forty states and the District of Columbia also provide that information to a NAUPA-endorsed national website that the public can search . But fraudsters don ’ t bother reviewing or collecting Attack.Databreach that data . They simply contact people at random , using email , letters or phone calls , hoping to snare a victim . The scams play on the idea that people are simply getting back assets they ’ re owed . “ There ’ s an air of legitimacy to them , ” said John Breyault , a vice president at the National Consumers League . “ People think it ’ s their money . ”

When tragedy strikes , criminals invariably prey on people ’ s best intentions . Scammers have been using Hurricane Harvey-themed messages to trick Attack.Phishing people into opening phishing emails and links on social media sites , which can steal login information , infect machines with malware , or con victims out of money . US-CERT , a cybersecurity arm of the U.S. Department of Homeland Security , issued a warning about the threat on Monday . “ [ R ] emain vigilant for malicious cyber activity seeking to capitalize on interest in Hurricane Harvey , ” the advisory read . “ Emails requesting donations from duplicitous charitable organizations commonly appear after major natural disasters. ” As the advisory notes , a common scam during and after natural disasters is for fraudsters to pretend Attack.Phishing to set up relief funds and request donations . Fortune has seen several suspicious online profiles and personas that , although their legitimacy couldn ’ t be determined , raised several red flags : a small number of followers , unverified accounts , no apparent links to accredited charities , and no means to track where proceeds go . Zack Allen , threat operations manager at ZeroFOX , a social media-focused cybersecurity startup , says the ruse is a typical one . “ Cybercriminals are opportunists and , sadly , a crisis like Hurricane Harvey is a prime example of their preying on humanity ’ s empathy and trust , ” he wrote in an email to Fortune . “ People all over the world quickly rushed to their social media accounts to find the best avenues to donate to victims , but these same avenues are ideal for scammers who try to convince Attack.Phishing victims to donate to their fraudulent Hurricane Harvey cause. ” Kevin Epstein , vice president of threat operations at Proofpoint ( pfpt , +1.21 % ) , a cybersecurity firm that provides email protection , said that in recent days he has seen hurricane-related snares such as “ see this terrifying video ” or pleas to “ donate to the relief effort. ” One PDF attachment titled “ hurricane harvey – nueces county news release 11 – it ’ s your chance to help.pdf ” prompted people , when opened , to enter their email username and password , he told Fortune . It ’ s common for fraudsters to take advantage of news du jour to bait Attack.Phishing prospective victims . “ Consistently , attackers use world events as themes for their attacks , ” said Oren Falkowitz , CEO at Area1 Security , a cybersecurity startup that fights phishing Attack.Phishing . He noted that attacks related to tax season and national elections were examples of recent popular lures . A few tips you can use to stay safe : First , keep your software up to date . Hackers often try to compromise devices running outdated software that has security holes . Second , be careful what you click : Don ’ t accept or open unsolicited content from untrusted sources . ( You should even be wary of trusted contacts , as they too may have been compromised . ) Third , be sure the organizations to which you ’ re contributing money are legitimate . Here ’ s a rundown of some reputable charities assembled by Fortune . US-CERT further recommends reviewing these safety guidelines from by the Federal Trade Commission for Hurricane Harvey-related charitable giving , and cross-checking organizations on this directory of national charities from the Better Business Bureau .