Less than 24 hours after two massive earthquakes claimed the lives of thousands of people in Turkey and Syria, cybercrooks are already piggybacking on the humanitarian crisis.
Cybercriminals never take a break from defrauding internet users, and the latest attempts spotted by Bitdefender Antispam Lab show, once again, just how unscrupulous they can be.
While thousands of people were killed and tens of thousands more are left scouring crumbled buildings in search of those caught under the rubble, fraudsters are targeting the generosity of people around the world who wish to make a small contribution to victims of this disaster.
The scammers pose as representatives from a Ukrainian charity foundation that seeks money to help those affected by the natural disasters that struck in the early hours of Monday.
“We are launching support the people of Turkey and Syria who have been hit badly with The Ongoing Earthquake, this has displaced many families and children, leaving them homeless.
WLADIMIR FOUNDATION has taken it upon herself to render first hand Aid on ground to help as many people as possible..
We are urging you to please donate to Victims”
This first batch of analyzed samples targeted recipients in South Korea (49%), Vietnam (19%), the US and India (with 7% each), Denmark (3%), Ireland (2%), and Germany and the UK (with 1% each), with most of the scam emails originating from IP addresses in Pakistan.
According to our research, these scammers are using a fictitious Ukrainian-based charity to lure victims. The domain hosting the so-called Wladimir Charity Foundation was created on Oct. 3, 2022, and is already blacklisted by our anti-spam and anti-fraud filters.
The fake charity, initially set up to assist victims of war-torn Ukraine, seems to have shifted sides for the moment, opening its crypto wallets to donations for victims of the devastating earthquake.
Although it claims to be “the leading online fundraising platform in Ukraine,” a quick overview of the platform only shows $4,000 in donations for the Ukrainian Armed Forces.
However, one of the BTC crypto wallets shows older transactions of up to $100,000 beginning in May 2021.
The crypto wallets and name of this phony charity were also used in a previous spam campaign seeking aid for Ukrainians displaced by the war. Our researchers noted that a similar ruse was making rounds starting Dec. 29, 2022.
This is just an early example of a flood of misleading and fraudulent messages yet to come. Fraudsters always try to advantage of individuals’ vulnerabilities and feelings after natural disasters strike, exploiting the empathy of the online community to steal personal info and money.
While these insidious acts are nothing new, they can be quite effective in stealing money from unwary and kind-hearted individuals.
We urge users to remain vigilant and think twice before submitting any charitable payments via unsolicited correspondence. Poorly redacted, unofficial-looking messages and the presence of crypto wallets are big red flags, and users should proceed with caution. People seeking to help those in need should research official charity organizations and contact them directly via dedicated, official channels.
Update 8 February 2022:
A new wave of fraudulent e-mail based charity scams exploiting the much needed humanitarian aid in Turkey and Syria have been rounds this morning, according to Bitdefender Antispam Lab telemetry.
Scammers claim they are a world charity organization in collaboration with UNICEF and call for donations in support of the affected children and families in both countries.
The fraudulent emails were sent from IP addresses in Germany and Malaysia and mainly targeted recipients in the UK (55%) and the US (23%).
Germans also received 5% of the scam emails alongside Ireland with 3%, and Australia and South Africa with 2% each.
Unlike previous attempts spotted by our researchers, recipients are asked to send an email to the organization for more details on how they can donate. While the ‘charity’ does claim it accepts donations in cryptocurrency, the email body does not include any crypto wallets that recipients can use. By interacting with the scammers, users are not only confirming the validity of their email address, making them prone to more future attacks, but risk giving out more than they bargained for: personal info and even financial information.