Since the Israel-Hamas war started, cybercriminals have disseminated over 500 scam emails and created fraudulent websites to expedite the money transfer process, using advanced social engineering techniques to exploit people’s desire to help and their compassion, trying to lure potential victims into making fake donations to steal money.
Cybersecurity company Kaspersky has identified a scam campaign with attackers looking to capitalize on people donating monetary aid by deceiving the victims.
Scam emails have spread written in English, and cybercriminals have made fraud websites to get people to transfer money via cryptocurrency transactions – Bitcoin, Ethereum, Tether, and Litecoin.
Scammers impersonate charitable organizations and use emotional language to lure users to click on a scam website link, where they are prompted to contribute.
“In these emails, scammers try to create multiple text variations to evade spam filters. For instance, they use various call-to-donate phrases like ‘we call to your compassion and benevolence’ or ‘we call to your empathy and generosity’ and substitute words like ‘help’ with synonyms such as ‘support,’ ‘aid,’ etc. Besides, they alter links and sender addresses. Robust cybersecurity solutions guard against these tactics,” says Andrey Kovtun, a security expert at Kaspersky.
Additionally, the links in the fake emails lead to a scam website that provides visitors with information on the cause and images.
To avoid getting scammed by these websites and emails, Kaspersky suggests following certain security measures:
Checking the charity’s website and credentials.Legitimate charities will be registered — you should cross-check an organization’s credentials in a known database to confirm they are genuine.
Approaching charity organizations directly to donate or offer support. To donate online, type in the charity website address rather than clicking on a link.
If you are uncertain about the organizations you have checked, refer to well-known organizations that provide humanitarian support, such as UN relief agencies.
Remember that individuals who have been affected by the crisis are unlikely to contact you directly for money — especially strangers you don’t know. Be extra cautious of requests to send money.
Staying vigilant. A fake website may look nearly identical to a genuine charity site, with the details of where to send donations being the only difference. Spelling or grammar mistakes often indicate fake pages.
Be careful on social media. Social media is a useful way for charities to communicate with the public and solicit donations. But do not assume that a donation request on Facebook, Twitter, Instagram, or YouTube is legitimate simply because a friend liked or shared it. Take the time to research the group before donating.