Fake Emergency Alert Messages – Serious Threat or Passing Annoyance?

This article from Johnson County, Wyoming raises some interesting issues.

It seems that residents have been getting fake calls that appear to be “emergency alert” calls from the county.  But it’s unclear what the motive for the calls is.  The article says the calls become garbled, then cut out.  So other than annoying folks, it’s hard to see what these calls will accomplish.

But the assurances from the county don’t give us a warm and fuzzy, either.

First, the article tells us that all real calls will start with “This is a CodeRED alert”.  But if the calls can start with “This is Johnson County”, it’s not hard to imagine the culprits changing that message to “This is a CodeRED alert.”

Second, the article tells us that the caller ID for real calls will end in “5000” (probably).  Again, that’s not hard to do.  Faking a caller ID is pretty easy.  And there are thousands of phone numbers that can end in “5000”.  For the past few months, I’ve been getting illegal automated calls that have my area code and exchange so they look like local calls.  And we’ve talked to friends who’ve gotten similar calls.

Still, despite the fact that hackers could probably fake emergency alert calls pretty easily, it’s not obvious that they’d bother.  Making calls on the public phone network costs money – lots of money when compared with emails and other Internet messaging – and a scammer has to find a way to get a return on their investment.

These fake calls are a concern.  And we’re glad people report this kind of activity.  But it’s too soon to tell if the calls are a serious problem.  Hopefully – once the perpetrators find that this activity is not profitable – they will simply stop.

 

Interesting Source of Creative Inspiration

We just came across the Earth Manual Project, a website that “aims to gather examples of excellent disaster preparedness innovation from all over the world and put them to productive future use.”

The website is more oriented to Asia (the authors seem to be primarily Japanese) and it gets most of its inspiration from developing countries.  But as a source of creative ideas in getting the public prepared for emergencies, that difference in perspective could be helpful for public safety folks in the US.  For example, one page discusses how camping – something many Americans are fond of – is one of the most popular ways to get people interested in emergency preparations.

We think this is an interesting website and worth at least 10 minutes of review.  And we’ll keep an eye on it and highlight things we think are interesting and potentially useful.

 

Digital conversations can be an effective tool in emergency situations.

Emergency management agencies are using social media (Twitter, Facebook, etc.) to get information out during emergencies. So we think it’s important to follow what influential institutions are doing in this area. Last month, the United Nations office of the Coordination of Humanitarian Affairs published a report about hashtag standardization, primarily discussing the social media platform, Twitter. It is important, first, to know that a hashtag must contain the pound sign (#) with some sort of phrase immediately following. The hashtag allows for digital conversations to be had on Twitter and can organize topic-related tweets. According to the document, “the public is using Twitter for real-time information exchange and for expressing emotional support during a variety of crises, such as wildfires, earthquakes, floods, hurricanes, political protests, mass shootings, and communicable-disease tracking.” The important and most effective feature about Twitter is that it allows real-time information to be public within seconds. For emergency responders, tweets and other social media posts help responders organize more effectively and track where the most need is during and immediately following a crisis. One of the case studies from the report is Super Typhoon Haiyan in the Philippines (2013). Within the first 48 hours after Super Typhoon Haiyan’s landfall, nearly 230,000 tweets were published internationally containing a situationally relevant hashtag. From those tweets, over 600 written messages and 180 images were identified containing actionable information for emergency response planning. These messages included evidence of affected areas, as well as logistics planning information such as road closures, downed power lines and shelter locations. Digital humanitarians from the Standby Volunteer Taskforce triangulated and published this information to live crisis maps to assist aid workers in-country, sometimes even before the responders reached the Philippines. The effectiveness and importance of using Twitter has become widespread around the world. It has become essential for getting reliable and up-to-the-minute information out to the public. That’s why Hyper-Reach includes a fully-integrated Twitter and Facebook component in its emergency messaging application and continues to explore how else to help responders get information out to the public using social media.

Small Changes in Wording Can Mean Big Changes in Behavior

This article in the NY Times is about workplace discrimination, but skip to the eighth paragraph or so, and you’ll find reference to a fascinating bit of research, in which a message to keep people from stealing petrified wood in a national forest backfired at first (theft went up 60%), then dropped to less than half of the original rate – all by changing a few sentences.

Marketing people understand the impact of small changes in message delivery very well.  I once worked at a company that spent hundreds of thousands of dollars testing the impact of using red, green or blue postcards (the blue worked best).

Why should public safety folks care about these things?  Because these examples – and many others in social science literature – demonstrate that how a message is delivered can make a dramatic difference in what people do in response to that message.

As a communicator, you want your messages to be effective, both in getting the public to prepare (for example, by signing up for emergency alerts), and in responding to emergency situations (e.g. shelter-in-place.)

Public safety folks don’t have thousands of dollars to spend on sophisticated market research, but you can use this insight to your advantage in at least three ways:

  1. Be aware that wording matters.  Pay attention to how you word your messaging, and always make a best effort;
  2. Pay attention to your results.  Did the public “get it” when you sent out your message?
  3. Find out what others are doing.  See what others think works or fails to work.

There are basic principles you can follow, and we’ll write about these in future posts.  For example, messages that suggest that other people are complying are usually more effective than messages that complain about people not doing what you want them to do.

But the first step is just to be aware.  You’ll be surprised how much more effective you can be.

 

The Importance of Simplicity in Emergency Alerts

Some emergency alert systems are designed with simplicity as a priority.  Others were designed to have lots of features and may have sacrificed simplicity for the sake of added functionality. The best systems offer lots of capability while keeping their systems simple and easy to use.

Two recent news stories reminded us why the system should favor simplicity whenever possible.

First, there’s this story from Wake Forest, NC in which thousands of residents were called to notify them that they were behind on their utility payments and their power was scheduled to be disconnected.  Instead of the 232 folks for whom the message was meant, it went to almost everyone in town.  To compound things, a follow up message to try and clear things up went out as late as 1AM.

Then, there’s this story from Horry County, SC in which a message about a murder suspect was confusing, and missing important information.  As the story says, “About 110,000 people got the message that left out the specific location, the agency, and had the wrong person’s name.”

In both cases, the agencies involved said they would re-train their people to make sure proper procedures are followed.  And of course, that’s a good idea.

Another good idea is to use a system that’s so simple, mistakes are difficult to make.  Hyper-Reach uses a simple three-step process that makes sending a message a snap.  It’s so simple, that users of other systems tell us that it’s the easiest, fastest, simplest system they have seen.

We’re not claiming that no one has ever made an error using Hyper-Reach.  But we’ve been providing our system for the past 12 years, so we can say that our experience shows.

Foreign Hackers Threaten Automated Weather Alerts

This story from the Washington Post talks about an incident in September in which NOAA systems were hacked, resulting in the agency shutting down its systems for a period while claiming  that it was “doing ‘unscheduled maintenance’ on its network, without saying a computer hack had made that necessary.”  Other stories suggest that the incident resulted in the temporary shutdown of data from NOAA and other sources.

Apparently NOAA did not disclose the hackers attack, as required by law.

This is scary stuff for at least two reasons we can think of:

1) Automated weather alerts depend on NOAA systems.  These are the systems that automatically feed IPAWS/WEA alerts as well as the automated weather alerts that come from Hyper-Reach and other systems.  So a loss of these systems at the wrong time could jeopardize lives and property;

2) If hackers were able to create false alerts, they might be able to disrupt a community for some nefarious end.  A tornado or other shelter-in-place alert could be sent to millions of people, for example, in order to clear the streets.

As more and more alerts are tied to automated systems, it becomes increasingly important that those systems are secure.

Best Practices in Wireless Emergency Alerts – II

In part two of our series summarizing “Best Practices in Wireless Emergency Alerts”, we’ll tackle the topic of how the audience for WEA’s is selected. Many times an emergency will not affect an entire county, so how does public safety decide who receives Wireless Emergency Alerts (WEA)?

Wireless Emergency Alert standards do not require the alerting authority to send out alerts to an area smaller than a county. Even though a citizen may live miles away from the emergency taking place, they could still get an alert. Some emergency alert vendors, including Hyper-Reach, provide map-based geo-targeting so that alerts can easily be sent only to cell towers  in the affected area. Counties that don’t use geo-targeting will send alerts to the entire county.

Even when the software provider can support map-based geo-targeting, the method that mobile telecom carriers use to select the towers can result in over-selecting the people getting the alert.  We’ll explain that more in a later post.

When people receive too many alerts that don’t pertain to them, they can become desensitized to them, a term called “alert fatigue”. This can be dangerous as they might ignore an important alert later on.

The Integrated Public Alert and Warning System (IPAWS) Open Platform for Emergency Networks (OPEN) creates an alert using a combination of phrases generated from the information put into the system by local alerting authorities. These messages cannot be modified. To try to avoid alert fatigue, some alerting authorities can change the WEA using a Commercial Mobile Alert Authority text (CMAMtext). In theory, state authorities have granted certain public safety officials the option of sending a CMAMtext, a customizable 90-character message.  In reality, according to a recent FEMA IPAWS webinar we attended, all alert authorities can send CMAMtext message.

In effect, a CMAMtext message can be thought of as free-form text.

While a standard IPAWS-OPEN alert may read:

FLOOD WARNING

Until 6:23 pm

Evacuate now

A CMAMtext message could be more specific:

FLOOD WARNING

Until 6:23 pm

Evacuate S Main St now

Although the entire county may receive the alert, it is clear that residents of South Main Street should respond.

Another example of a standard IPAWS-OPEN message is:

FIRE WARNING

In this area

Until 1:05 am

Evacuate now

A CMAMtext could read:

FIRE WARNING

in Zip 01375

Until 1:05 am

Evacuate now

CMAMtext can also be used to change the language of the alert, if a large percentage of the county is comprised of non-English speakers.

Emergency management agencies work hard to make sure their messages are clear, effective and relevant to the people who are receiving them. While geo-targeting is useful to avoid alert fatigue, using CMAMtext to be more specific is a good practice. We’d love to hear what you think.

Faith and Community Leaders called to prepare

Disasters can strike any small town or city without warning and often residents turn to their local leaders for assistance. Clergy and community leaders have and take a considerable amount of responsibility for their congregations and folks they represent. It is expected that these leaders respond quickly and be ready to open the doors when a tornado devastates a neighborhood or an entire community is flooded.

If these are the expectations for leaders to respond to disaster, isn’t it equally as important to engage and prepare everyone beforehand? Organizations and churches have connections to large groups of people living in certain communities. If emergency preparedness leaders are looking to create an effective campaign to inform the public, it makes sense to encourage these people to participate.

Local clergy and religious leaders have the opportunity to reach out to their members through bulletins or events to encourage preparation. As faith leaders, they are trusted and have the possibility for high numbers of registrations for local emergency notifications. It is important for them to educate and understand the risks facing their communities and share those with their congregations. There are many resources that can be used and be a guide for preparedness. Faith leaders can create and opt-out or opt-in system for their congregations, however, opt-out may be more effective, as it would have higher enrollment numbers. Events can be planned to inform and notify the community of the proposed enrollment campaign like Crenshaw Christian Church in Los Angeles which held its 2nd Annual Preparedness Sunday last month or the many other events organized around the country!

This active role of community and faith leaders can save lives and participation should be inspired by their commitment to serving others.

Honoring America’s Veterans

Today is Veterans Day and since many folks in the emergency management and public safety fields, it seems like it’s a good opportunity to say “thanks” to our veterans.

Veterans Day started out as “Armistice Day” to celebrate the end of World War I, which formally ended on the 11th hour of the 11th day of the 11th month in 1918.  It was originally intended to honor the veterans of that great war.  The date was declared Veterans Day by President Eisenhower in 1954, although Birmingham, AL claims to have started the movement to rename it “Veterans Day” in 1947 and Raymond Weeks of Birmingham was recognized by President Reagan as the driving force for both renaming it and changing it to honor all veterans.

Here are some of the ways you can thank a vet today.  And if you’re a fan of StoryCorps, this special is worth a listen.

We appreciate our veterans and the sacrifices they’ve made and we add our thanks to the chorus of voices that are singing the praises of all the men and women who have served our country so well.

 

 

 

 

How Dallas Used Their Emergency Alert System During Ebola Crisis

This story from Urgent Communications profiles how Dallas used their Mass Emergency Notification System (MENS) to help in their education efforts during the time that Thomas Eric Duncan and two nurses were diagnosed with the Ebola virus.

What the article makes clear is that the longest time spent in sending the messages was in deciding what to send – both in the way of content and also in terms of the frequency of messaging.

Like Hyper-Reach, the Dallas system uses landline phone numbers from the 911 database, combined with self-registration data to capture cellphones and email addresses.  Numbers to be called can be selected by geography (our system uses Google Maps, which we consider to be a big benefit, since it’s so familiar and easy to use.)

We’ve talked to public health workers about the use of emergency alert systems like Hyper-Reach for alerts about disease outbreaks and other public health risks and they agree these systems can be useful.  We also think it’s important to consider the use of IPAWS and WEA messages when there’s a real crisis.  WEA messages don’t depend on registration, so they reach every WEA-equipped cellphone (which is most of them) within a selected geography.

So we’re encouraging our clients – and all public safety folks – to think about how they would use Hyper-Reach or systems like it in a public health emergency like a disease outbreak.  And let us know if we can help.