War as a Hook: How Fraudsters Are Using the Israel-Iran Crisis to Target Netizens

Whenever global tensions escalate, scammers are close by, adapting their pitches.

As headlines about the Israel/US-Iran conflict spread across news platforms, inboxes quietly began filling with something else: offers of multi-million-dollar donations, secret political funds, stranded military fortunes, and urgent investment opportunities tied to the war.

We’ve analyzed several variants already — at least seven distinct versions — all exploiting the same geopolitical crisis. Different characters. Different amounts. Same scam.

And what we’re seeing suggests this may be only the beginning.

Key Findings

• Bitdefender Antispam Lab researcher Viorel Zavoiu uncovered at least seven distinct scam email variants exploiting the Israel/US-Iran conflict
• All samples follow classic advance-fee fraud mechanics, despite their differing storylines
• The narratives appear recycled from older “Nigerian prince”–style templates, updated with current geopolitical references
• Execution is sloppy and inconsistent, suggesting an early testing or prototype phase
• Multiple emotional triggers are being tested, including charity, inheritance, military authority, urgency and investment opportunities
• We expect the emergence of more refined versions, including fake charity campaigns

The Seven Variations We’ve Identified

The emails don’t follow a single storyline. Instead, they recycle multiple well-known fraud narratives, inserting references to the conflict to make them feel timely.

Among the samples analyzed:

• A supposed Powerball winner donating $2.5 million to “randomly selected individuals” to help displaced war victims
• A terminally ill man writing from his hospital bed, giving away €1.7 million before surgery
• A “government representative” seeking assistance to relocate $1.9 billion due to instability in Iran
• A lawyer claiming to represent the family of a deceased Iranian political figure killed in US–Israeli strikes
• A US Army general needing help moving consignment trunks out of Syria
• A US Airforce soldier stationed in Iran who allegedly discovered $25.8 million
• A Tehran-based investor seeking to relocate “huge capital” abroad due to airstrikes

On the surface, the messages vary widely, but they are all classic advance-fee scams.

Here are some of the narratives used:

Version 1:

Hello Friend,
 
I apologize for intruding on your privacy in this way. I found your name listed in the Trade Centre Chambers of Commerce directory here in Syria. I am pleased to propose a business partnership with you. I only hope that your address is still valid.
 
I am Major General [redacted], US Army, currently serving with a peacekeeping force in Syria, alongside US intervention troops.
 
I have two consignment trunks that I want to move out of this war zone to a safe country due to the ongoing conflict between Israel/USA, and Iran. This is because the U.S. is planning to withdraw about 1,000 remaining troops from Syria after this conflict. I'll provide you with more details when I see your readiness to assist me in receiving and safeguarding them until I return, which is in less than two months.
 
Thanks for your acceptance. God bless you and America!!

Version 2:

Dear Sir/Ma,

My name is [redacted], lawyer to the elder son of late President Ali Hosseini Khamenei (Mr.Meysam khamenei ).It is never a news that his father was called to mother earth 28 February 2026  due US-Israeli strikes.

For a clear picture, you can view the website below.

We are urgently in search for a trustworthy person who is ready to stand as a business partner and make claim of secret funds deposited by her late mother who dead three days after her husband with security company in Turkey and he is 100% ready to part with 70% with any interested person.

At this juncture, I  strongly needed us to act fast, not to lose the funds to top officials of the security company in Turkey who are now raising eyebrows due to the present situation in Iran.

Upon your response, I will be sending you a detailed understanding on this.
I wait to hear from you.

Sloppy Execution Suggests a Testing Phase

The samples we reviewed are riddled with:

• Grammar mistakes
• Inconsistent identities
• Timeline errors
• Contradictions
• Recycled storylines straight out of early 2000s inheritance-style scam templates

In some cases, the structure mirrors traditional “foreign official needing help moving funds” scams almost word-for-word, with only the geopolitical context swapped out.

This sloppiness is telling. It suggests this isn’t yet a polished, large-scale campaign. Instead, it looks like an early testing phase.

Fraudsters often push out multiple rough versions of a script to see which narrative generates replies. Once they identify the most effective emotional hook, they refine and scale it. In other words, these seven versions may be prototypes.

Why Use War as a Hook?

Conflict creates the perfect emotional environment for fraud:

• People are paying attention
• News is evolving rapidly
• Information is fragmented
• Fear and sympathy are heightened
• Financial instability feels plausible

By referencing real events, scammers add just enough realism to anchor an otherwise unrealistic story.

What Happens If Someone Replies?

The first email is only the opening move.

Once a target responds, scammers typically escalate by:

• Requesting personal information
• Asking for “processing fees,” “clearance charges,” or “tax payments”
• Introducing fake banks, lawyers, or security companies
• Demanding shipping costs for ATM cards or “consignment trunks”
• Grooming victims for prolonged financial exploitation

Even if no money is sent initially, personal data alone can be monetized or used for future attacks.

Expect More Versions and Charity Scams

If history repeats itself, this wave will evolve.

Major global events and crises have repeatedly triggered waves of fraud that piggyback on real-world suffering and humanitarian goodwill, and we’ve seen this pattern before:

• During the Israel–Gaza conflict, scammers flooded inboxes with fake donation solicitations tied to the war narrative, promising victims could donate or benefit financially while exploiting the humanitarian crisis. Bitdefender documented this trend early on and noted that, as the conflict continued, fraudsters adapted their stories and donation requests to the latest news updates.
• After the devastating earthquakes in Turkey and Syria, cybercriminals were spotted taking advantage of people’s empathy by posing as charity representatives and asking for donations via fake organizations, just hours after the disaster struck. Our report highlighted how quickly fraudsters began exploiting that crisis and warned that more misleading and fraudulent messages were likely to follow.
• During the war in Ukraine, Bitdefender Labs tracked increased scam and malicious activity leveraging the conflict, including charity-related phishing, “Nigerian prince”-style advance-fee fraud variations, and attempts to spread malware under the guise of humanitarian requests. Our analysis traced how cybercriminals quickly adapted to real-world events to target netizens’ empathy and trust.

Given the unpolished nature of the current samples, we expect:

• More refined language
• Professionally spoofed domains
• Fake charity websites
• Social media amplification
• Better-crafted impersonation of legitimate organizations

What we’re seeing now may be the testing stage before broader deployment.

The Red Flags Remain the Same

Even when scammers update the storyline, the fundamentals rarely change:

• Massive sums offered to strangers
• Unsolicited contact
• Requests for personal details
• Emotional manipulation tied to global crises
• Pressure to act quickly

Legitimate governments, military officials, philanthropists and investors do not randomly email netizens offering millions of dollars.

If the message sounds like a dramatic war thriller involving secret funds and urgent relocation, it’s almost certainly fiction.

How to Stay Ahead of Crisis-Driven Scams

When major world events dominate the news, assume scammers are adapting.

A few practical rules help:

Slow down when urgency is used as leverage.
War-based narratives are designed to override rational thinking.

Never share personal details with unknown contacts.
Even a simple reply confirms your email is active and monitored.

Verify independently.
If an email references breaking events, check trusted news outlets yourself.

Use tools that analyze suspicious messages.
If you’re unsure, free services like Bitdefender Scamio can help evaluate suspicious messages before you engage.