War as a Hook: How Fraudsters Are Using the Israel-Iran Crisis to Target Netizens

Scammers waste no time exploiting global crises—and the Israel-Iran conflict is no exception. As news spreads, fraudsters quickly adapt their tactics to create urgency, fear, and emotional appeal. Understanding these crisis-driven scams is key to avoiding costly mistakes.

Key Takeaways

• Israel-Iran crisis scams rely on recycled fraud tactics. Scammers use updated “Nigerian prince”-style emails with war-related narratives to make offers seem more believable.
• Advance-fee fraud is the most common scheme. Victims are promised large sums, donations, or investments but must first send money or personal details.
• Multiple scam variations target different emotions. These include fake charities, military stories, inheritance claims, and urgent investment opportunities tied to the conflict.
• Crisis events trigger spikes in phishing and scams. Attackers exploit fear and urgency, leading to a surge in malicious emails and messages during geopolitical instability.

How Israel-Iran Crisis Scams Work and How to Avoid Them

Whenever global tensions escalate, scammers are close by, adapting their pitches.

As headlines about the Israel/US-Iran conflict spread across news platforms, inboxes quietly began filling with something else: offers of multi-million-dollar donations, secret political funds, stranded military fortunes, and urgent investment opportunities tied to the war.

We’ve analyzed several variants already — at least seven distinct versions — all exploiting the same geopolitical crisis. Different characters. Different amounts. Same scam.

And what we’re seeing suggests this may be only the beginning.

Key Findings

• Bitdefender Antispam Lab researcher Viorel Zavoiu uncovered at least seven distinct scam email variants exploiting the Israel/US-Iran conflict
• All samples follow classic advance-fee fraud mechanics, despite their differing storylines
• The narratives appear recycled from older “Nigerian prince”–style templates, updated with current geopolitical references
• Execution is sloppy and inconsistent, suggesting an early testing or prototype phase
• Multiple emotional triggers are being tested, including charity, inheritance, military authority, urgency and investment opportunities
• We expect the emergence of more refined versions, including fake charity campaigns

The Seven Variations We’ve Identified

The emails don’t follow a single storyline. Instead, they recycle multiple well-known fraud narratives, inserting references to the conflict to make them feel timely.

Among the samples analyzed:

• A supposed Powerball winner donating $2.5 million to “randomly selected individuals” to help displaced war victims
• A terminally ill man writing from his hospital bed, giving away €1.7 million before surgery
• A “government representative” seeking assistance to relocate $1.9 billion due to instability in Iran
• A lawyer claiming to represent the family of a deceased Iranian political figure killed in US–Israeli strikes
• A US Army general needing help moving consignment trunks out of Syria
• A US Airforce soldier stationed in Iran who allegedly discovered $25.8 million
• A Tehran-based investor seeking to relocate “huge capital” abroad due to airstrikes

On the surface, the messages vary widely, but they are all classic advance-fee scams.

Here are some of the narratives used:

Version 1:

Hello Friend,
 
I apologize for intruding on your privacy in this way. I found your name listed in the Trade Centre Chambers of Commerce directory here in Syria. I am pleased to propose a business partnership with you. I only hope that your address is still valid.
 
I am Major General [redacted], US Army, currently serving with a peacekeeping force in Syria, alongside US intervention troops.
 
I have two consignment trunks that I want to move out of this war zone to a safe country due to the ongoing conflict between Israel/USA, and Iran. This is because the U.S. is planning to withdraw about 1,000 remaining troops from Syria after this conflict. I'll provide you with more details when I see your readiness to assist me in receiving and safeguarding them until I return, which is in less than two months.
 
Thanks for your acceptance. God bless you and America!!

Version 2:

Dear Sir/Ma,

My name is [redacted], lawyer to the elder son of late President Ali Hosseini Khamenei (Mr.Meysam khamenei ).It is never a news that his father was called to mother earth 28 February 2026  due US-Israeli strikes.

For a clear picture, you can view the website below.

We are urgently in search for a trustworthy person who is ready to stand as a business partner and make claim of secret funds deposited by her late mother who dead three days after her husband with security company in Turkey and he is 100% ready to part with 70% with any interested person.

At this juncture, I  strongly needed us to act fast, not to lose the funds to top officials of the security company in Turkey who are now raising eyebrows due to the present situation in Iran.

Upon your response, I will be sending you a detailed understanding on this.
I wait to hear from you.

Sloppy Execution Suggests a Testing Phase

The samples we reviewed are riddled with:

• Grammar mistakes
• Inconsistent identities
• Timeline errors
• Contradictions
• Recycled storylines straight out of early 2000s inheritance-style scam templates

In some cases, the structure mirrors traditional “foreign official needing help moving funds” scams almost word-for-word, with only the geopolitical context swapped out.

This sloppiness is telling. It suggests this isn’t yet a polished, large-scale campaign. Instead, it looks like an early testing phase.

Fraudsters often push out multiple rough versions of a script to see which narrative generates replies. Once they identify the most effective emotional hook, they refine and scale it. In other words, these seven versions may be prototypes.

Why Use War as a Hook?

Conflict creates the perfect emotional environment for fraud:

• People are paying attention
• News is evolving rapidly
• Information is fragmented
• Fear and sympathy are heightened
• Financial instability feels plausible

By referencing real events, scammers add just enough realism to anchor an otherwise unrealistic story.

What Happens If Someone Replies?

The first email is only the opening move.

Once a target responds, scammers typically escalate by:

• Requesting personal information
• Asking for “processing fees,” “clearance charges,” or “tax payments”
• Introducing fake banks, lawyers, or security companies
• Demanding shipping costs for ATM cards or “consignment trunks”
• Grooming victims for prolonged financial exploitation

Even if no money is sent initially, personal data alone can be monetized or used for future attacks.

Expect More Versions and Charity Scams

If history repeats itself, this wave will evolve.

Major global events and crises have repeatedly triggered waves of fraud that piggyback on real-world suffering and humanitarian goodwill, and we’ve seen this pattern before:

• During the Israel–Gaza conflict, scammers flooded inboxes with fake donation solicitations tied to the war narrative, promising victims could donate or benefit financially while exploiting the humanitarian crisis. Bitdefender documented this trend early on and noted that, as the conflict continued, fraudsters adapted their stories and donation requests to the latest news updates.
• After the devastating earthquakes in Turkey and Syria, cybercriminals were spotted taking advantage of people’s empathy by posing as charity representatives and asking for donations via fake organizations, just hours after the disaster struck. Our report highlighted how quickly fraudsters began exploiting that crisis and warned that more misleading and fraudulent messages were likely to follow.
• During the war in Ukraine, Bitdefender Labs tracked increased scam and malicious activity leveraging the conflict, including charity-related phishing, “Nigerian prince”-style advance-fee fraud variations, and attempts to spread malware under the guise of humanitarian requests. Our analysis traced how cybercriminals quickly adapted to real-world events to target netizens’ empathy and trust.

Given the unpolished nature of the current samples, we expect:

• More refined language
• Professionally spoofed domains
• Fake charity websites
• Social media amplification
• Better-crafted impersonation of legitimate organizations

What we’re seeing now may be the testing stage before broader deployment.

The Red Flags Remain the Same

Even when scammers update the storyline, the fundamentals rarely change:

• Massive sums offered to strangers
• Unsolicited contact
• Requests for personal details
• Emotional manipulation tied to global crises
• Pressure to act quickly

Legitimate governments, military officials, philanthropists and investors do not randomly email netizens offering millions of dollars.

If the message sounds like a dramatic war thriller involving secret funds and urgent relocation, it’s almost certainly fiction.

How to Stay Ahead of Crisis-Driven Scams

When major world events dominate the news, assume scammers are adapting.

A few practical rules help:

Slow down when urgency is used as leverage.
War-based narratives are designed to override rational thinking.

Never share personal details with unknown contacts.
Even a simple reply confirms your email is active and monitored.

Verify independently.
If an email references breaking events, check trusted news outlets yourself.

Use tools that analyze suspicious messages.
If you’re unsure, free services like Bitdefender Scamio can help evaluate suspicious messages before you engage.

Frequently asked questions (FAQ)

What are 5 of the most current scams?

Five of the most current scams include:

• Investment scams (especially high-return promises)
• Phishing and smishing attacks (emails and text messages)
• AI impersonation scams (voice cloning and deepfakes)
• Job and task scams (fake remote work offers)
• Online shopping scams (fake stores and counterfeit goods)

Globally, shopping, investment, and “unexpected money” scams are among the most common.

What are the top 10 scams?

The most widespread scams today include:

• Phishing emails and fake login pages
• Investment scams
• Romance scams
• Job and task scams
• Online shopping scams
• Tech support scams
• Impersonation scams (banks, government, companies)
• Prize and lottery scams
• Subscription/renewal scams
• AI voice and deepfake scams

These scams often combine social engineering with new technologies like AI.

What are the biggest scams in the world?

The biggest scams globally are typically investment scams, impersonation scams, and large-scale online fraud operations. Investment scams alone generate billions in losses annually, with crypto-related fraud accounting for a major share of global scam revenue.

Overall, scams cause hundreds of billions in losses worldwide each year, making them a major global cybercrime issue.

What are the top 5 scamming countries?

There is no official “top 5” list, but global reports and investigations frequently link large-scale scam operations to regions such as:

• Nigeria (advance-fee and romance scams)
• India (tech support and call center scams)
• China (phishing, counterfeit, and large fraud networks)
• Russia (cybercrime and phishing operations)
• Southeast Asia (Cambodia, Myanmar, Laos) (organized scam compounds)

These regions are often mentioned due to organized scam networks, though scams originate worldwide and are not limited to specific countries.