Cybercriminals exploit the Israel-Hamas conflict with malicious emails and websites

Kaspersky has identified a scam campaign exploiting the Israel-Hamas conflict. Attackers are trying to take advantage of people's willingness to help those affected, tricking potential victims into making donations that ultimately lead to the theft of their money. To date, cybercriminals have spread over 500 emails and created fraudulent websites to speed up the money transfer process. Kaspersky urges users to remain vigilant and take precautionary measures to verify the recipients of their donations.

Fake charity scams happen frequently, taking advantage of real disasters or emergencies. Unfortunately, the Israel-Hamas conflict is no different. Kaspersky experts noticed an increase in malicious emails written in English asking for donations for those affected by the conflict. The company's security solutions detected more than 540 such emails.

Attackers use advanced social engineering techniques to exploit people's compassion and desire to help, trying to lure potential victims into making donations to steal their money. The scammers pose as charities and use emotive language to entice users to click on a scam website link asking them to contribute. These misleading emails come from a variety of addresses.

The links used in the emails lead to a scam website. This site provides users with a context about the conflict, displays photos and encourages them to make donations. The scammers facilitate easy money transfers by offering options for various cryptocurrency transactions - Bitcoin, Ethereum, Tether and Litecoin.

Using wallet addresses, Kaspersky experts discovered other fraudulent websites claiming to collect aid for various other groups in the conflict zone.

Unfortunately, scam pages like these can multiply quickly, changing their design and targeting different groups. To avoid scams, you should check the pages carefully before donating your money. Fake sites often lack basic information about charity organizers, recipients, legitimacy documentation or lack of transparency about the use of funds. We urge you to implement the following security measures:

• Check the charity's website and credentials. Legitimate charities will be registered - you should cross check an organisation's credentials against a known database to confirm they are genuine.
• Directly approach charities to donate or provide support. To donate online, type in the charity's website address instead of clicking on a link.
• If you're unsure of the organizations you've checked out, refer to known organizations that provide humanitarian support, such as United Nations Relief Services.
• Remember that people affected by the crisis are unlikely to contact you directly for money - especially people you don't know. Be especially careful with requests to send money.
• Remain vigilant. A fake website can look almost identical to a genuine charity website, with the details of where to send donations being the only difference. Spelling or grammatical errors often indicate fake pages.
• Be careful on social media. Social media is a useful way for charities to communicate with the public and solicit donations. But don't assume that a donation request on Facebook, Twitter, Instagram or YouTube is legitimate just because a friend liked or shared it. Take the time to research the group before you donate.