Disaster Fraud in 2025: Texas Flood Scams & Fake Charities
When the July 2025 floods swallowed much of Kerr County, Texas, the images of families stranded on rooftops and entire neighborhoods under water pulled at everyone’s heart. Relief agencies and first responders moved in fast—but so did scammers. In the chaos of disaster, exploitation found its way in.
Researchers at PreCrime Labs, the intelligence arm of BforeAI, uncovered a surge of digital trickery. Within days, dozens of freshly registered domains popped up online, masquerading as charities. Some were fishing for donations, others baited volunteers into handing over personal data. A few even dangled “support merchandise” that had no ties whatsoever to real relief efforts.
The psychology is simple: people want to help, and in their rush to do good, they don’t always pause to verify. Fraudsters know this. They count on human empathy becoming their best weapon.
To unpack how these schemes operate, Techopedia spoke with Rishika Desai, Threat Researcher at BforeAI. She explained the playbook behind disaster fraud, the technology that fuels it, and—most importantly—how communities and organizations can stay one step ahead.
%20(16).jpg "Disaster Fraud in 2025: Texas Flood Scams & Fake Charities")
Key Takeaways:- Over 70 fake domains surfaced in the wake of the Texas floods, many copying disaster relief campaigns to steal money or data.
- Scammers borrowed credibility from trusted brands (like NBA merchandise) to make their fake charity drives look legitimate.
- AI-powered tools, including Domain Generation Algorithms (DGAs), allowed fraudsters to spin up scams at scale almost overnight.
- Many malicious sites slipped past early blocklists, showing how much faster attackers are moving compared to defenders.
- The best shields remain simple, human-centered defenses: raising awareness, using verified domains, and taking a moment for basic authenticity checks before donating or volunteering.
- Over 70 fake domains surfaced in the wake of the Texas floods, many copying disaster relief campaigns to steal money or data.
- Scammers borrowed credibility from trusted brands (like NBA merchandise) to make their fake charity drives look legitimate.
- AI-powered tools, including Domain Generation Algorithms (DGAs), allowed fraudsters to spin up scams at scale almost overnight.
- Many malicious sites slipped past early blocklists, showing how much faster attackers are moving compared to defenders.
- The best shields remain simple, human-centered defenses: raising awareness, using verified domains, and taking a moment for basic authenticity checks before donating or volunteering.
Patterns Emerging From the Texas Flood Scams
In its latest 2025 Texas flood crisis report, BforeAI revealed a troubling trend: more than 70 suspicious or outright malicious domains tied to the floods were identified, with 13 of them popping up in just the first 10 days after the waters rose.
What’s even more unsettling is how prepared these scammers seem to be. Researchers noticed that 46 of these domains had been quietly updated earlier in the year—almost like criminals were keeping their digital weapons loaded, just waiting for the next disaster to exploit.
To tug at people’s emotions, many of these fake donation sites wore masks of compassion with names like floodaid2025.org and prayfortexas.store. Others tried to sell “solidarity” through T-shirts, tote bags, or volunteer sign-up pages. Some even posed as legal aid resources. But behind the façade, their true intent was far colder—stealing personal information and hard-earned money from people who only wanted to help.
Example: A freshly registered domain designed to sell items under the Texas flood theme. Source: BforeAI
Speaking with Growthy.web, BforeAI’s Desai noted:
“During the Texas floods, we saw multiple well-known brands being pulled into fake relief campaigns. One striking example was NBA merchandise being promoted as if it were part of an official fundraising effort, even though the NBA had never made such an announcement.”
Example: A fraudulent site pretending to showcase the NBA’s support for Texas floods. Source: BforeAI
She emphasized that blending global brands into a disaster narrative is unusual—even in the all-too-familiar playbook of fraudsters who weaponize tragedy.
On the technical side, the deception was just as calculated. Scammers leaned on low-cost, short-lived hosting, bounced domains across providers, and shielded themselves with WHOIS privacy services. Shockingly, fewer than 10% of these malicious sites were flagged on VirusTotal or major threat intelligence feeds before BforeAI’s intervention.
New Technologies Driving Disaster Fraud
What’s happening in Texas right now feels alarmingly familiar—but far more advanced. Just like during Hurricane Harvey in 2017, scammers are preying on human generosity in the middle of tragedy. But this time, they’re armed with sharper tools, faster systems, and frighteningly realistic setups.
Today’s attackers aren’t just throwing together basic scam sites anymore. With the help of modern artificial intelligence (AI) and easy-to-use hosting platforms, they can spin up dozens of fraudulent websites in a matter of minutes. All it takes is the right prompt and a free website template, and suddenly, a fake donation page looks polished enough to fool even the sharpest eye. Add in search engine optimization tricks and targeted ads on social media, and these scams reach victims at scale with frightening speed.
But it goes deeper than just websites. As cyber expert Desai explains, AI is now being used to automate domain registrations through something called a Domain Generation Algorithm (DGA). In a disaster scenario, this gives scammers an edge we’ve never seen before—allowing them to flood the internet with fraudulent domains faster than legitimate relief organizations can even set up their own.
In the recent Texas floods, words like “flood,” “Texas,” and “2025” were churned together automatically, producing a wave of fake domains. Instead of taking hours or days, attackers could launch dozens of sites in seconds. For desperate victims searching for help, that split-second advantage is all it takes for scammers to cash in.
Protecting Communities Against Fake Charity Scams
It’s a cruel reality: when disaster strikes, fake charities are often the first to surface. People open their wallets out of compassion, but attackers exploit that kindness with surgical precision.
Desai points out a worrying gap—blocklists and fraud filters often take too long to catch up. By the time malicious URLs are flagged, many victims have already handed over money or personal details. “The only real defense is speed and vigilance,” she warns. “We need to detect and neutralize scams before they strip people of their trust, data, or life savings.”
But this isn’t just about technology—it’s about awareness. Desai stresses the importance of making verified domains visible during crises. Imagine if every government briefing, relief agency post, or emergency alert included a clear list of official websites. That simple step could steer people away from traps and toward legitimate help.
Collaboration is another key. “When fraud cases are reported quickly, government agencies and tech companies can move together to take sites down and spread the word,” Desai emphasizes. “That kind of partnership can turn the tide against these scams.”
And finally, it comes down to something surprisingly simple: checking the details. Looking at when a domain was created, whether contact info is inconsistent, or if the site feels rushed can reveal a lot. Those few seconds of scrutiny could save thousands in donations and prevent fraudsters from winning.
The Bottom Line
The recent Texas floods were heartbreaking, and they reminded us of something bigger than the storm itself—how fast fraud is changing. Scammers wasted no time twisting tragedy into opportunity. The scams may look familiar, but today they’re sharper, quicker, and tougher to catch.
BforeAI’s report paints a sobering picture: within just a few days, fraudsters launched dozens of fake websites. Their speed easily outpaces the defenses most organizations have in place.
Bridging that gap isn’t a solo effort—it’s a shared mission. Agencies, security professionals, and everyday citizens must work together. Sharing trusted donation links, reporting suspicious sites, and keeping our guard up doesn’t just stop scams—it protects people when they’re at their most vulnerable.
FAQs
1. How did scam domains multiply so quickly after the 2025 Texas flooding?
BforeAI found over 70 suspicious domains spun up in a matter of days. Many were auto-generated, built to mirror disaster relief efforts and trick well-meaning donors.
2. What tricks do fraudsters use to exploit disaster relief and donations?
They grab domains with urgent, crisis-driven keywords, copy charity branding, push fake merchandise, or create bogus volunteer and legal aid pages—all with one goal: to harvest money or personal information.
3. How do these new scams compare with those from past disasters?
The playbook hasn’t changed much since events like Hurricane Harvey—but the tools have. Automation and AI now make scams faster, slicker, and harder for both people and systems to flag.
4. What can authorities and individuals do to fight back?
Authorities can act fast by spotlighting legitimate donation channels and shutting down bad actors quickly. For individuals, protection comes down to caution: stick with well-known charities, double-check site details, and be skeptical of urgent appeals that appear out of nowhere.
References:—
- Advisory: 2025 Texas Flooding Crisis Scams (BforeAI)
- Avoid Charity Schemes (FBI)
%20(16).jpg&description=Disaster Fraud in 2025: Texas Flood Scams \u0026 Fake Charities){kind=link}