27-11-2023 (SINGAPORE) Opportunistic scammers are leveraging the ongoing conflict in the Middle East to siphon off funds meant for humanitarian aid, with more than US$1.6 million (S$2.1 million) in cryptocurrency identified as diverted to fraudulent accounts, according to British cyber-security company Netcraft.
These scammers employ various tactics, including fake emails, deceptive websites, social media campaigns, and phone calls to appeal for donations. Contributors are then directed to Bitcoin addresses, where malicious crypto-draining software is deployed, wiping out the donor’s cryptocurrency wallet.
Netcraft’s blog on Oct 25 highlighted the resurgence of crypto-draining attacks, linking them to the Gaza conflict. The company had previously reported similar schemes exploiting Silicon Valley Bank’s downfall in March 2023.
Before the bank’s collapse, fraudsters created sites with opportunistic domain names, purporting to aid “all SVB customers,” only to exploit and defraud them. The Federal Bureau of Investigation and the Federal Trade Commission in the United States have also raised alarms about donation scams connected to the ongoing conflict.
According to Group-IB, a cyber-security company, scammers thrive during major conflicts by manipulating emotions and creating an atmosphere of urgency. Vladimir Kalugin, the operations director of digital risk protection at Group-IB, highlighted suspicious websites exploiting the conflict to collect donations, offering various means of payment, including crypto, direct transfers, and donations via platforms.
The Singapore Cyber Emergency Response Team, part of the Cyber Security Agency of Singapore, previously warned about the rise of scammers exploiting conflicts, as seen in the Ukraine war in March 2022. These fraudsters employed spam emails containing data-stealing malware to pilfer funds.
Responding to humanitarian calls after the Gaza conflict, Singaporeans have been urged to exercise caution by Mr. Satwant Singh, chairman of disaster relief agency Mercy Relief. He emphasized the importance of verifying the legitimacy of organizations and cautioned against releasing personal information or scanning QR codes without verification.
Donors were advised to check a charity’s authenticity by examining its website creation date through tools like Whois, which can reveal if a site was hastily created to exploit trending topics. Interpol, though not directly commenting on the Gaza donation scams, emphasized that online scammers are opportunistic, exploiting crises for financial gain.
As donors continue to play a crucial role in aiding conflict-affected regions, the need for heightened awareness and verification processes remains paramount to thwart the tactics of these opportunistic scammers.
