FBI Warns: Five Weeks In, Gaza Email Scams Still Thriving

  /     /     /  
Publicated : 23/11/2024   Category : security


FBI Warns: Five Weeks In, Gaza Email Scams Still Thriving


Cybercriminals are playing both sides with simple disaster scams, and its working.



The FBI is warning that fraudsters are using the war in Gaza to solicit cryptocurrencies from the sympathetic.
On Nov. 14
, and
Nov. 6
, different branches of the FBI published alerts that cybercriminals are masquerading as fundraisers and charities, using emails, social media, cold calls, and crowdfunding websites to convince victims that their money will go to either Palestinian or Israeli victims of the conflict. Often theyre opportunistic cybercriminals, but sometimes theyre terrorist organizations, which often establish fake charities using social media platforms to subsidize their operations, the Bureau noted.
Many hundreds of such scams have popped up
since Oct. 7 and, apparently, theyre working.
One report compiled by Netcraft
last month traced 1.6 million dollars worth of crypto to accounts associated with these fake charities.
It makes sense, then, that the trend isnt going away, and new campaigns — like the one
described on Nov. 16 by Abnormal Security
, targeting 212 individuals at 88 organizations — are still going strong.
When you see suffering on the news, the human brain wants to make things better. Thats just the natural condition of how were wired, and attackers know this, warns Mike Britton, CISO at Abnormal Security.
Thats really the crux of why these campaigns are so effective — they know how to kind of short circuit your normal thinking, and hit you with a certain stimulus youre going to respond to differently than if you were looking at something without the same emotion and urgency.
Per the FBI, citizens should be suspicious of any unsolicited emails asking for money sent in forms not easily traceable, such as cash, wire transfers, gift cards, or, more often than not, cryptocurrencies.
Crypto, in fact, played more than one useful role in the latest campaign tracked by Britton, playing on the suffering of Palestinian children.
The perpetrator used a few everyday tricks, like spoofing a real India-based companys email domain (erode@gwcindia[.]in), changing the display name (help-palestine[.]com) to make it look extra legitimate, and peppering in emotional and urgent language (e.g. the children in Palestine are dying) presented in
mostly
grammatically correct English.
Often, scams like these lure victims to click on phishy links. By requesting payment in crypto, however, the attackers were able to avoid using any kind of URLs which might be picked up by a traditional email security filter.
Source: Abnormal Security
In fact, the links that were included in the email only served to lend emotion and legitimacy to the message.
If you look at the links here, theyre normal links: AlJazeera, NBC News, UNICEF. Those lend credibility because as the recipient of this email, Im going to think: Okay, Al Jazeera is a well-known news organization. NBC is well-known, UNICEF well-known — these arent fishy BitLy domains, Britton points out.
Unwitting victims who believe theyre donating a modest amount of crypto to a good cause could, in the end, lose much more than they bargained for.
As Robert Duncan, vice president of product strategy at Netcraft points out, scammers have been using
crypto wallet drainers
to turn small donations into big money.
The crypto drainers are particularly effective — rather than many other types of donation fraud where the victim is still choosing how much cryptocurrency to send, crypto drainers can entirely empty a crypto wallet in one fell swoop, he explains.
This might help explain the 1.6 million dollars lost to Gaza scams in only the first couple of weeks following the outbreak of conflict. And, Duncan adds, the total amount lost is likely to be higher, as many of the scams do not surface the underlying cryptocurrency transaction without making a payment which Netcraft was not in a position to track.
To snuff out these emails before they lead to crypto drains, Britton suggests the use of behavioral AI-enabled spam filtering, or some simple common sense.
Youre always better off donating to a known, reputable organization. Dont do it through an unsolicited email, do it through their website, or a known contact that you have, he advises.

Last News

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
FBI Warns: Five Weeks In, Gaza Email Scams Still Thriving