As thousands of civilians die amid the deadly Israel-Hamas war, scammers are capitalizing on the horrific events to collect donations by pretending to be legitimate charities.
BleepingComputer has come across several posts on X (formerly Twitter), Telegram and Instagram where scammers list dubious cryptocurrency wallet addresses and lure unsuspecting victims into sending them funds.
Researchers have also spotted over 500 "fundraising" emails sent from entities claiming to be charities.
Crypto scams surface amid Israel-Hamas war
Several accounts on social platforms including X, Telegram, and Instagram are enticing people to make humanitarian donations to support the victims of the ongoing Middle East crisis.
However, these accounts, primarily listing crypto wallet addresses, have dubious origins, are not endorsed by an official charity, and are very likely to be scams.
Similar to the previous crypto donation scams we have reported on before, during the Russo-Ukrainian war and following the earthquakes in Turkey, these accounts evoke emotions of viewers by posting gory pictures of wounded soldiers, women, and children.
An example BleepingComputer came across was a "Gaza Relief Aid" account on X, which uses the aidgaza.xyz domain and maintains a presence on Telegram and Instagram:
The domain, aidgaza.xyz associated with the account was registered Oct 15th and is not endorsed by any established charitable organizations, contrary to its claim of being "An Islamic Relief Initiative" listed on the page's footer.
The website's copy, however, has been lifted from the Islamic Relief's official website.
It is also worth noting, other than a handful of "press releases" that are syndicated verbatim from news wire agencies reporting on the Israel-Hamas war, and images of injured war victims, the website has no information with regards to the people behind it, the organization, or an associated contact number and a physical address.
The operators behind this account have listed their Ethereum, Bitcoin, and USDT addresses on its website and social media accounts [1, 2] where funds should be sent.
BTC: 16gbXTmvxtrzieoh2vX3io7FhXK4WJryX2
ETH: 0x5E8b0df880A9f9F6e4D4090a84b3c1A02fF311b4
USDT: TK4A9dfwqbJhzz4NeGJZBo9nVMJztxnT27
Fortunately, BleepingComputer tracked the crypto addresses' transaction history and observed no donations have been sent yet to any of these addresses.
We further observed the Instagram account @gazareliefaid was no longer available, after likely being suspended by Meta (Instagram's parent company).
Some social media posts [1, 2] showed a third party stating that they'd donated the funds, and the person seeking donations confirming having received them, but wallet history indicated otherwise. This is very likely a tactic employed by suspicious accounts to lend more credibility to their operations.
On the flip side, suspicious accounts claiming to support Israel and Israeli victims are also making rounds. As an example, BleepingComputer came across a 'Donate for Israel' account on X [1, 2, 3]. The associated crypto wallet address (0x4aC1Ea2e36fE3ab844E408DF30Ce45C8B985d8cd) once again shows zero transactions and sparse data associated with the X account casts doubts on its authenticity.
One must note that none of the example accounts shown here are verified for authenticity, and as such users should exercise caution when approaching such claims online.
Fake fundraising emails impersonate charities
Cybersecurity firm Kaspersky also shared its findings with BleepingComputer last week.
Researchers at the security giant report seeing more than 500 scam emails, along with fraudulent websites designed to capitalize on people's willingness to aid those impacted.
These fraudulent emails and websites, crafted in English, claim to seek domains "for those affected on both sides."
The emotional language and visual aids used in these communications are once again a tactic to entice users to visit the scam, where they are prompted to contribute, only to lose their money.
The websites seen by Kaspersky researchers support easy money transfer options and accept a wide range of crypto: Bitcoin, Ethereum, Tether, and Litecoin. An example shared by the researchers is shown below.
While Kaspersky did not name the specific website in question, BleepingComputer was able to trace it to an egypthelp.online domain, with the website titled, 'Help Palestine Society.' The website was unavailable at the time of writing.
Using the wallet addresses, Kaspersky experts discovered additional fraudulent web pages claiming to collect aid for various other groups in the conflict area.
"In these emails, scammers try to create multiple text variations to evade spam filters," Andrey Kovtun, a security expert at Kaspersky told BleepingComputer.
"For instance, they use various call-to-donate phrases like 'we call to your compassion and benevolence' or 'we call to your empathy and generosity,' and substitute words like 'help' with synonyms such as 'support,' 'aid,' etc. Besides, they alter links and sender addresses."
Kaspersky researchers have warned that such scam pages can swiftly multiply simply by modifying their design and targeting specific groups of people.
How to donate safely?
To avoid scams, the researchers urge viewers to scrutinize pages thoroughly before donating. Fake websites often lack essential information about charity organizers and recipients, legitimacy documentation, or lack transparency regarding fund usage.
In a succinct blog post, Larissa Bungo, a Senior Attorney at the U.S. Federal Trade Commission (FTC) shared several actionable tips that can prevent you from falling for scams. One of these tips includes researching the organization that is seeking donations:
"Research the organization — especially if the donation request comes on social media. Search the name plus 'complaint,' 'review,' 'rating,' or 'scam.' And check out the charity with the Better Business Bureau's (BBB) Wise Giving Alliance, Charity Navigator, Charity Watch, or Candid. If the message was from a friend, ask them if they know the organization themselves. Find out exactly how much of every dollar you donate goes directly to the charity’s beneficiaries."
IRS has issued a similar advisory cautioning people to not "give in to pressure."
UK government has published a guide on how to donate safely, including a list of legitimate charities like the British Red Cross. The legitimacy of these charitable organizations can be validated by visiting the government's charity register.
Post a Comment Community Rules
You need to login in order to post a comment
Not a member yet? Register Now