Scammers are exploiting the unfolding Israeli-Hamas conflict to defraud unsuspecting donors under the guise of collecting donations for humanitarian aid.
Kaspersky has identified over 500 scam emails and numerous fraudulent websites requesting donations.
“Scammers impersonate charitable organizations and use emotional language to entice users to click on a scam website link, where they are prompted to contribute, only to lose their money,” Kaspersky said in an email to VPNOverview.
Andrey Kovtun, a security expert at Kaspersky, told us the use of fake websites makes this campaign “particularly noteworthy.”
“Typically, they include the cryptocurrency wallet for transferring money directly within the body of the spam email, bypassing the need to create any dedicated websites,” Kovtun noted.
Manipulating Emotions for Profit
The phishing emails and fraudulent websites are in English, Kaspersky said. They encourage people to make donations in crypto, ostensibly to support the victims of the conflict.
According to BleepingComputer, scammers are stealing content from legitimate charity organizations to appear legitimate. For instance, an account titled “Gaza Relief Aid” used content lifted from the Islamic Relief’s official website, but closer inspection reveals the associated domain — aidgaza.xyz — is not endorsed by any established charity organization, and the website doesn’t contain any contact details.
Kaspersky noted that the scammers use variations of the same text to bypass spam filters.
“For instance, they use various call-to-donate phrases like ‘we call to your compassion and benevolence’ or ‘we call to your empathy and generosity,’ and substitute words like ‘help’ with synonyms such as ‘support,’ ‘aid,’ etc. Besides, they alter links and sender addresses,” Andrey Kovtun, a security expert at Kaspersky, said.
BleepingComputer found these charity scammers on social media platforms like X (formerly Twitter), Telegram, and Instagram.
Scammers are known to exploit global events, including conflicts and wars, to swindle unsuspecting victims. In 2022, McAfee warned that scammers were exploiting the Russia-Ukraine war by setting up fake websites to receive donations. And, with AI tools like WormGPT available today, it’s easier than ever for cybercriminals to craft grammatically correct phishing emails or create fake sites to scam victims.
How to Avoid Falling for Charity Scams
Scam sites and pages “like these can swiftly multiply, altering their design and targeting diverse groups,” Kaspersky warned.
To protect yourself from charity scams, Kaspersky recommends the following precautionary measures:
- Verify charities by cross-checking their credentials in known databases.
- Approach charities directly, typing in their website address rather than clicking suspicious links.
- If uncertain, turn to established humanitarian organizations for donations.
- Personal contact is rare. Those affected by crises are unlikely to contact strangers for donations.
- Fake sites may look similar to genuine ones. Spelling or grammatical errors can be red flags.
- Just because a friend shared a donation link doesn’t mean it’s legitimate.
“If a user is uncertain about an organization soliciting donations, they can verify the website domain through “whois” services like who.is and whois.com. Ensure the domain owner matches the organization you’re supporting; hidden data or a private owner raises suspicion. Pay attention to the domain’s creation date – a recent date is a red flag,” Kovtun added.
Read our guide to cryptocurrency scams to learn about common scams and how to spot a ruse. Remember, be vigilant of emotional manipulation tactics online. Also, protect yourself online with a solid antivirus and a premium VPN service like NordVPN.
For more news, follow us on X (Twitter), Threads, and Mastodon!
