SINGAPORE: Scammers are taking advantage of the ongoing conflict in the Middle East by diverting donations to accounts held by fraudsters.
British cyber-security company Netcraft said it has detected the transfer of more than US$1.6 million (S$2.1 million) in cryptocurrency to accounts associated with fraudsters.
The scammers appealed for donations via fake e-mails, websites, social media and phone calls. Donors were asked to send their contributions to listed Bitcoin addresses, where a crypto-draining software lay in wait.
The software wipes out a donor’s crypto-wallet.
Netcraft said in a blog published on Oct 25: “Back in March 2023, Netcraft reported on crypto-draining attacks in a blog that described how criminals were capitalising on Silicon Valley Bank’s demise. Both approaches to soliciting cryptocurrency ‘donations’ are used in campaigns exploiting the Gaza conflict.”
Before Silicon Valley Bank collapsed in March 2023, fraudsters operated a series of sites that used opportunistic domain names that included the bank’s name, claiming to offer help to “all SVB customers”, but instead, fleeced them.
The United States’ Federal Bureau of Investigation and the Federal Trade Commission have similarly flagged donation scams linked to the conflict.
Cyber-security company Group-IB told The Straits Times that scams thrive amid big conflicts by creating an environment in which scammers manipulate people’s emotions by instilling a sense of urgency.
Vladimir Kalugin, operations director of digital risk protection at the firm, said it is aware of suspicious websites that are exploiting the conflict to solicit donations.
“Some websites collect donations to ‘purchase food, medicines, et cetera’ and accept crypto payments, direct peer-to-peer money transfers, or transfers via donation platforms.
“Another category of rogue websites offers to buy souvenirs and promises to transfer the proceeds to humanitarian causes,” he said.
The Singapore Cyber Emergency Response Team, under the Cyber Security Agency of Singapore, had in March 2022 warned of a rise in reports of scammers exploiting the Ukraine war.
The fraudsters used, among other tools, spam e-mails laced with data-stealing malware to steal funds.
People in Singapore have been responding to calls for humanitarian relief assistance soon after the war in Gaza erupted.
Satwant Singh, chairman of disaster relief agency Mercy Relief, warned against falling prey to scams, adding that it is always “easy to let the heart do the talking when it comes to helping a fellow human being in need”.
“Many (scammers) ride on the bandwagon collecting money. But are you sending the money or in-kind donations to the right organisations?” he said.
Kalugin said donors can check a charity’s authenticity by looking at its website’s creation date via Whois. Whois is a tool used for querying databases that store information on registered users or assignees of an Internet resource.
“Scammers create multiple websites quickly to exploit a certain trending topic, so a recently created resource should be treated with caution,” he said.
In general, donation fraud schemes target a broad audience and are not focused on a specific geography.
Interpol did not comment directly on the Gaza donation scams when asked, but told ST that “online scammers are inherently opportunistic, and will seek to exploit any crisis for financial gain – as we saw with the Covid-19 pandemic”.
Checks with the Singapore Police Force’s Weekly Scams Bulletin showed there were no reported cases of donation fraud linked to the Gaza conflict.
Singh said donors should contact the charitable organisations directly. Donors should verify how long the organisations have been in existence, and ask about the identity of their board members.
He added that it is also a good habit not to release bank details over the telephone or scan QR codes without verification.
Group-IB’s Kalugin said it is important to look for verified resources belonging to well-known organisations with a good reputation and an extensive charitable track record.
“Remember that scammers have enough technical means to impersonate even the most reputable organisations, so it is recommended to independently verify the authenticity of any communications that you receive via messengers, social media, SMS or even calls,” he added.
Singh said Mercy Relief actively checks if there are others using the organisation’s name for donations.
“We also ensure we keep our ‘antennas’ up for individuals asking donations on our behalf,” he added. - The Straits Times/ANN