Fraud After Environmental Disasters: How Financial Institutions Are Adapting to a Surge in Opportunistic Attacks

Natural disasters don’t just disrupt infrastructure – they destabilize the normal patterns banks rely on to detect fraud.

When systems are down, impacted branches are closed, customers are displaced, and transaction behaviors shift overnight, fraudsters move quickly to exploit the gaps. In the days and weeks following floods, hurricanes, wildfires, and other emergencies, banks are seeing measurable increases in both third-party and first-party fraud – ranging from account takeovers and phishing attacks to synthetic identity exploitation and opportunistic claims abuse.

For example, following the July 2025 floods in Texas, federal officials issued warnings about a rise in disaster-related scams targeting impacted communities. Fraudsters posed as aid agencies, charities, and utility providers—using phone calls, emails, texts, and even in-person visits to exploit vulnerable residents.

Disaster-Related Fraud Tactics

After other recent disasters like Hurricane Ian or the Maui wildfires, financial institutions reported surges in account takeovers, phishing attempts, and fraudulent claims. Attack tactics include:

• Crime rings leveraging synthetic identities that have been seeded and nurtured in the system for months.
• Opportunistic first-party fraud – customers knowingly submitting false hardship claims, manipulating payment deferral programs, or disputing legitimate transactions as unauthorized.

In both cases, the disruption caused by a natural disaster lowers both institutional defenses and customer vigilance, making it easier for fraud to slip through undetected.

Increasingly, fraudsters are also phishing via spoofed relief agency emails or texts claiming to be from FEMA or a local utility company. In February 2025, the Illinois Department of Healthcare and Family Services was targeted by a phishing campaign that originated from a compromised government email account. The attacker successfully tricked an employee into sharing credentials, ultimately exposing the personal information of over 900 individuals – including Social Security numbers, state ID details, and Medicaid case data. While the agency acted quickly to contain the breach and notify affected consumers, the incident underscores how easily credential-based fraud can unfold when attackers exploit trusted channels and operational strain.

How FI Fraud Teams Are Responding

For fraud teams, these events present a dual challenge: distinguishing legitimate anomalies from actual threats – at scale and under pressure. Customers may be logging in from new devices, reaching out from unfamiliar phone numbers, or requesting expedited access to funds – all behaviors that could raise red flags under normal circumstances but are expected during a crisis. Without proper tuning, fraud models can either underperform – missing real attacks – or overcorrect, burdening already-stressed contact centers with false positives.

In response, leading institutions can shift from reactive to proactive approaches, including:

• Predefining rule sets and escalation protocols for use when FEMA declarations hit certain counties or ZIP codes.
• Adjusting fraud thresholds dynamically based on region and time since event, helping to fine-tune anomaly detection without overwhelming teams.
• Building cross-functional working groups between fraud operations, business continuity, and data science teams, enabling faster iteration on risk models in the immediate aftermath of a crisis.

Biometric tools and step-up authentication protocols can also provide secure access to customers who’ve lost access to their primary device, ID, or stable Wi-Fi. And with synthetic ID fraud on the rise, several institutions are deploying device and behavioral analytics to weed out patterns consistent with fabricated or manipulated identities – especially in relief program applications and new account openings, which tend to spike post-disaster.

Banks’ Role in Protecting Customers

In the aftermath of a disaster, banks should move quickly to educate customers about heightened fraud risks. Timely alerts—delivered through email, app notifications, and social media—can warn of common scams like phishing messages impersonating FEMA, utility companies, or the bank itself. Simple reminders to avoid clicking suspicious links or sharing credentials can make a big impact. Some institutions are also distributing post-crisis fraud guides and training frontline staff to reinforce key messages during customer interactions. These efforts help reduce exposure and build trust when customers are most vulnerable.

Ultimately, fraud in the wake of natural disasters isn’t a niche concern – it’s a growing operational and reputational risk. Financial institutions that treat post-disaster fraud as a distinct threat vector, with tailored detection strategies and rapid-response coordination, are better positioned to protect their customers and minimize exposure.

Bottom line: As we enter another season of weather volatility, fraud resilience needs to be as adaptive and local as the disasters themselves.

Get Real-Time Best Practices From Peer Institutions

From phishing campaigns launched in the wake of natural disasters to the surge in synthetic identity fraud and first-party abuse, today’s fraud landscape is anything but static. That’s why we bring together senior fraud, risk, and operations leaders from top banks and credit unions to compare real-world tactics—not just theoretical frameworks.

At Auriemma’s Bank Fraud Control Roundtable, you’ll sit alongside your peers—SVP-level executives and fraud strategy heads—to dissect emerging trends, benchmark responses, and learn what’s working (or not) across the industry. For more information on membership, contact Zeenat Shah.