Hurricane Melissa Jamaica Relief Scams

Executive Summary

At the end of October 2025, Hurricane Melissa made landfall in Jamaica with catastrophic force. The Category 5 storm devastated the island’s infrastructure, power grid, and communities. In the immediate aftermath, survivors and relief workers were thrust into a period of deep vulnerability, with homes destroyed; communications disrupted, and essential services severely limited.

It is within these moments of crisis that cybercriminals and fraudsters exploit public goodwill. Netcraft observed a several online threats following the disaster, including phishing campaigns, fake charity drives, and fraudulent financial-relief websites that posed as legitimate aid organizations. These scams target people’s compassion, urgency, and confusion, using the promise of help to deliver harm.

This pattern is not unique to Hurricane Melissa. History shows that almost every major disaster or humanitarian emergency is quickly followed by a spike in fraudulent online activity. Similar scams emerged after other natural disasters occurred and during the COVID-19 pandemic. Attackers rapidly adapt their tactics to whatever crisis dominates headlines, often launching convincing donation or relief portals within hours of the first reports.

These operations share several characteristics:

• Speed – fake domains and social media accounts appear almost immediately after an event.

• Emotional manipulation – scammers exploit empathy and fear to lower victims’ caution.

• Low sophistication – many threat actors use copied templates, static images, or stolen branding.

The online response to Hurricane Melissa follows this established pattern. What begins as a moment of global sympathy becomes an opportunity for cybercriminals to harvest donations, personal data, and financial details.

Hurricane Melissa Relief Fund

One notable example (Figure 1), hxxp://www[.]donate[.]melissarelieffundtojamaicans[.]online/ was identified, which stood out due to lack of sophistication.

Figure 1.

When a visitor selected a donation amount, the site redirected them to a fixed page, for example (Figure 2): hxxp://www[.]donate[.]melissarelieffundtojamaicans[.]online/donate10000.html. Upon examining the supposed BTC QR code, we saw that it is just a static image file named “Screenshot_20251102_185430.png.”

Figure 2.

Further examination of the page revealed that it was saved locally, as indicated in the comment  “<!-- saved from url=(0053)file:///C:/Users/Della%20Elwis/Desktop/bb/melisa.html -->”

Visitors were offered several donation tiers; each linked to a different BTC address (Figure 3). Although the site displayed a number of recent contributors for each tier, blockchain analysis confirmed that none of the BTC addresses had any transactions. It is highly likely that this was created purely to appear legitimate while collecting cryptocurrency from unsuspecting donors.

Figure 3.

The page appears to also be quickly created, with errors found such as the “Donate $500” which shows “1,000.00 USD” next to it. 

Additional Examples of Fraudulent Domains:

In addition to the site above, multiple domains were detected that attempted to impersonate official aid or government resources. Examples include:

·      jamaicahurricanerelief[.]com

·      hurricanemelissajamaica[.]com

·      jamaicahurricanerecovery[.]org

·      jamaicahurricanehelp[.]net

·      jamaicahurricanehelp[.]org

·      jamaica-hurricane-help[.]com

·      melissareliefjamaica[.]net

·      melissareliefjamaica[.]com

·      melissareliefjamaica[.]org

·      supportjamaicagovjm[.]com

·      supportjamaicagovjm[.]net

·      jamaica-relief[.]com

·      jamaicarelief[.]life

While the majority are now inactive, these domains share clear indicators of fraudulent intent due to cloned content from legitimate humanitarian websites. Most attempted to solicit cryptocurrency “donations,” a common tactic in disaster-related scams because such transactions cannot be reversed.

Broader Threat Landscape

Disaster-themed cybercrime remains a persistent global issue. Attackers reuse phishing kits and donation templates, register domains that sound trustworthy, and circulate links across social media to reach potential victims. Some operations focus on collecting funds, while others harvest personal data under the pretext of “relief registration” or “aid verification.”

These scams not only defraud individual donors but also erode public confidence in digital charity infrastructure. Charitable organizations and governments must then rebuild trust at a time when speed and credibility are essential for effective aid delivery.

Raising awareness, verifying the legitimacy of donation sites, and promoting the use of trusted payment channels are essential steps in reducing the impact of such scams. Continued collaboration between cybersecurity firms, government, and relief organizations is critical to dismantling fraudulent infrastructure before it can harm those already suffering.