Kaspersky has identified a scam campaign exploiting the Israeli-Hamas conflict. Attackers are attempting to capitalize on people's willingness to aid those impacted by deceiving potential victims into making donations, ultimately leading to the theft of their money. To date, cybercriminals have disseminated over 500 scam emails and created fraudulent websites to expedite the money transfer process. Kaspersky urges users to remain vigilant and take proactive steps to verify the recipients of their donations.
Fake charity scams frequently occur, often exploiting real disasters or emergencies. Regrettably, the Israeli-Hamas conflict is no different. Kaspersky experts observed a surge in scam emails written in the English language, falsely seeking donations for those affected by the conflict. The company’s security solutions detected more than 540 such emails.
Attackers use advanced social engineering techniques to exploit people's desire to help and their compassion, trying to lure potential victims into making fake donations to steal money. Scammers impersonate charitable organizations and use emotional language to entice users to click on a scam website link, where they are prompted to contribute. These deceptive emails come from various addresses.
“In these emails, scammers try to create multiple text variations to evade spam filters. For instance, they use various call-to-donate phrases like ‘we call to your compassion and benevolence’ or ‘we call to your empathy and generosity,’ and substitute words like 'help' with synonyms such as 'support,' 'aid,' etc. Besides, they alter links and sender addresses. Robust cybersecurity solutions guard against these tactics,” says Andrey Kovtun, a security expert at Kaspersky.
The links used in the emails lead to a scam website. This website provides users with context about the conflict, displays photos, and encourages them to make donations. Fraudsters facilitate easy money transfers, offering options for various cryptocurrency transactions – Bitcoin, Ethereum, Tether, and Litecoin.
Using wallet addresses, Kaspersky experts discovered other fraudulent web pages, claiming to collect aid for other various groups in the conflict area.
Sadly, scam pages like these can swiftly multiply, altering their design and targeting diverse groups. To avoid scams, it is worth scrutinizing pages thoroughly before donating. Fake sites often lack essential information about charity organizers, recipients, legitimacy documentation, or lack transparency regarding fund usage. It is worth implementing the following security measures:
Checking the charity’s website and credentials. Legitimate charities will be registered — you should cross-check an organization’s credentials in a known database to confirm they are genuine.
Approaching charity organizations directly to donate or offer support. To donate online, type in the charity website address rather than clicking on a link.
If you are uncertain about the organizations you have checked, refer to well-known organizations that provide humanitarian support such as United Nations relief agencies.
Remembering that individuals who have been affected by the crisis are unlikely to contact you directly for money — especially strangers you don’t know. Be extra cautious of requests to send money.
Staying vigilant. A fake website may look near identical to a genuine charity site, with the details of where to send donations being the only difference. Spelling or grammar mistakes often indicate fake pages.
Being careful on social media. Social media is a useful way for charities to communicate with the public and solicit donations. But do not assume that a donation request on Facebook, Twitter, Instagram or YouTube is legitimate simply because a friend liked or shared it. Take the time to research the group before donating.