Cybercriminals are taking advantage of the Israel-Hamas war to trick good-hearted users into donating money to scam charities. Ax Sharma, a security researcher contributing to BleepingComputer.com, raised the alarm after coming across multiple posts on social media, in which scammers lure victims into sending donations to fake crypto addresses.
Fraudsters have been setting traps on Twitter, Telegram, Instagram, and other platforms. The accounts behind the posts are clearly fake: they have unclear origins and, despite far-fetched claims, are not endorsed by any credible charity institution. One example Sharma brings up is the “Gaza Relief Aid” Twitter account with a related website, AidGaza.xyz. According to the whois record for the domain, the address was registered on October 15.
The project lacks any reliable information regarding the people behind it, not to mention contact details. In its website’s footer, it claims to be a part of or related to “An Islamic Relief Initiative.” In fact, the only connection between AidGaza.xyz and Islamic Relief Worldwide, as goes the correct name of the (legit) charity, is that the former picked its website copy from the latter, which qualifies as an IP theft. The hypertext underneath links to a page with a call-to-action reading “Donate” and crypto wallet addresses. Fortunately, at press time, no one has fallen for the scam, and no money has been sent to the provided addresses.
Sharma is not the only security expert keeping a hand on the pulse. Last week, Kaspersky, a well-known cybersecurity company, shared its findings with BleepingComputer, reporting more than 500 scam e-mail operations with fake websites related to the Israel-Gaza conflict, seeking donations “for those affected on both sides.” One of them is EgyptHelp.Online, encouraging users to “support the victims in Palestine” and “help Egyptians settle the Palestine” with donations by credit card or web3 wallets (“BSC, ETH, Polygon, etc…”). The list goes on.
Obviously, donation scams are hardly a novelty. They have been around during the Russian invasion of Ukraine, Turkish earthquakes, and before. Their perpetrators use emotional appeals by posting graphic images of injured soldiers, women, and children. For some, telling apart between a legitimate initiative and a scam operation can be challenging. The rule of thumb is to follow only trusted sources and provide help through well-established organizations.