Abnormal Security, a cybersecurity research firm, has recently uncovered a deceptive crypto donation scam that preys on the humanitarian crisis in Gaza. Scammers are manipulating users by creating sympathy for Palestinian children and urging them to make donations. This scheme has targeted 212 individuals across 88 organizations.
Exploiting global events for illicit gains is a recurring tactic for threat actors. Similar incidents occurred during the disappearance of Malaysian flight MH370, where scammers spread false information to capitalize on the situation. In the current fraud campaign, scammers are using emails allegedly sent by a group named “help-palestinecom,” asking recipients to contribute to their campaign for supporting Palestinian families.
It’s important to note that scammers specifically request donations in cryptocurrency, ranging from $100 to $5000. They provide cryptocurrency wallet addresses for Bitcoin, Ethereum, and Litecoin to avoid traceability.
Unsuspecting users fall victim to the scam, believing their contributions will provide essential needs for Palestinian children, such as medical care, clean water, and internet access. To make the emails appear legitimate, scammers include links to recent news articles highlighting the impact of the conflict on children. Emotionally charged language is strategically employed to underscore the challenges faced by children in Palestine.
For example, phrases like “children in Palestine face unimaginable challenges daily,” “a lifeline for these children caught in the crossfire,” and “the children in Palestine are dying” are used. The scammers employ various tactics, including spoofing the email address of an Indian stock brokerage firm, Goodwill Wealth Management, and creating a fake domain to avoid detection.
According to Mike Britton, Chief Information Security Officer (CISO) at Abnormal Security, traditional secure email gateways (SEGs) struggle to identify this scam due to the social engineering techniques employed by scammers and the lack of obvious indicators like grammatical errors or payloads. Britton emphasizes the necessity of AI-based email security solutions that can differentiate between malicious and genuine content.
Britton explains, “An AI-powered email security platform is trained to identify social engineering tactics. It recognizes that this email is attempting to leverage emotional manipulation to convince the target to bypass rational thinking and quickly transfer funds. It can also detect and flag the mismatch between the sender’s email and the reply-to address, as this is a common attack tactic.”
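The two concrete signals the article mentions, a reply-to address that does not match the sender and Bitcoin, Ethereum, or Litecoin wallet addresses in the body, can be checked with a short triage script. This is an added example, not code from Abnormal Security or the original article; the function names, the loose address patterns, and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Loose shape patterns for the three coins the article names. They match
# address-like strings only and do not verify checksums.
WALLET_PATTERNS = {
    "bitcoin": re.compile(r"\b(?:bc1[a-z0-9]{25,59}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b"),
    "ethereum": re.compile(r"\b0x[a-fA-F0-9]{40}\b"),
    "litecoin": re.compile(r"\b(?:ltc1[a-z0-9]{25,59}|[LM][a-km-zA-HJ-NP-Z1-9]{26,33})\b"),
}

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def body_text(msg):
    """Concatenate the decoded text/plain parts of a message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def triage(raw_email):
    """Return the signals found; these are review hints, not a verdict."""
    msg = message_from_string(raw_email)
    from_dom, reply_dom = domain_of(msg.get("From")), domain_of(msg.get("Reply-To"))
    text = body_text(msg)
    return {
        "reply_to_mismatch": bool(reply_dom) and reply_dom != from_dom,
        "wallet_types": sorted(c for c, p in WALLET_PATTERNS.items() if p.search(text)),
    }

# Constructed sample message: every address and domain below is made up.
SAMPLE = (
    "From: Relief Appeal <appeal@charity.example>\n"
    "Reply-To: collect@mailbox.example\n"
    "Subject: Urgent appeal\n"
    "\n"
    "Please donate today.\n"
    "BTC: 1" + "Fake" * 8 + "\n"
    "ETH: 0x" + "ab" * 20 + "\n"
    "LTC: L" + "Fake" * 8 + "\n"
)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Legitimate mail sometimes uses a different reply-to domain, so a mismatch is best treated as one input to review alongside the wallet-address hit rather than as grounds to block on its own.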
This scam is the latest in a series of manipulative attacks capitalizing on ongoing geopolitical crises. The FBI issued warnings on November 6 and 14, 2023, alerting users to fraudsters attempting to exploit the war in Gaza. The FBI notes that apart from opportunistic cybercriminals, terrorist organizations may also establish fake charities to “subsidize their operations.”
Users are advised to exercise caution and to verify the legitimacy of the sender and their claims before donating, as fraudsters can use various channels, including emails, social media, cold calls, crowdfunding sites, and charities/fundraisers, to solicit payments.