Warning: Cybercriminals Use Phishing Scams Following Syria-Turkey Tragedy

Following the recent earthquakes in Syria-Turkey, security experts have warned of phishing scams launched by cybercriminals to deceive people into donating to fake causes. These scams take advantage of people’s generosity and willingness to help those affected by the disaster. They may come in the form of emails or social media messages that appear to be from legitimate charities or relief organizations, but in reality, are fake.

One phishing scam spotted by Bitdefender Antispam Lab saw scammers pose as representatives from a Ukrainian charity foundation seeking funds to help those affected by the natural disasters. These scams typically seek to raise money for survivors left without basic necessities such as heat or water, following the earthquakes which have killed more than 35,000 people. However, instead of helping those in need, scammers divert donations away from legitimate charities and into their own PayPal accounts and cryptocurrency wallets.

Scammers are using a variety of tactics to carry out their schemes. For example, on TikTok Live, some content creators are posting photos of devastation, looped footage, and recordings of TV shows featuring actual rescue efforts while soliciting donations and misleading viewers. Similarly, scammers are planting artificial intelligence-generated images on social media sites, which people who want to help are sharing on TikTok and Twitter, unknowingly furthering the scam efforts. These images contain captions soliciting donations, including links to cryptocurrency wallets.

Cybercriminals also create fake fundraising accounts on Twitter and post links directly to PayPal. To gain visibility, these accounts retweet news articles and reply to tweets by celebrities and businesses. Scammers that create fake disaster relief accounts often appear to be legitimate organizations or news outlets but will then redirect funds to their own PayPal addresses.

It is not uncommon for scammers to reuse the same crypto addresses and websites to defraud people in the wake of any breaking news story. To avoid scams and donate safely, individuals should remain cautious as these misleading and fraudulent messages are expected to increase in the coming days. Fraudsters exploit people’s vulnerabilities and emotions after a natural disaster, using the online community’s empathy to steal personal information and money. While these schemes are not new, they can still be effective in stealing money from unwary and kind-hearted individuals.

We urge users to remain vigilant and exercise caution before submitting charitable payments through unsolicited correspondence. Poorly edited, unofficial-looking messages, and the presence of crypto wallets are big red flags, and users should take extra care. People seeking to help those in need should research official charity organizations and contact them directly via official channels. Users can look up charities on their national charity register, such as the United Kingdom Charity Register or the IRS in the United States. If there is any suspicion of a scam, users should report it to Action Fraud in the U.K. or the relevant social media platform.

Threat actors are continuously making their phishing campaigns more realistic and harder for users to detect. Users should always thoroughly check email content they receive against the list below before clicking on any links or opening any attachments.

The Critical Start Cyber Threat Intelligence (CTI) team recommends communicating the tips below to your workforce to help them better recognize phishing emails:

• Always check the “From” email address for signs of Fraudulence.
• Watch for misspellings or incorrect logos (ex. Southwest (legitimate branding) vs. SouthWest).
• Be suspicious of all hyperlinks and documents.
• Check if the URL leads to the website you would expect based on the sender.
• Do note open any attachments until you are 100% sure the sender is legitimate.

• If a user opens an attachment and there is an additional “open” button they must click on to receive attachments from the cloud, then do not click “open!” Immediately reach out to the sender to validate the attachment and contents.
• Users should avoid opening suspicious attachments or links to prevent any kind of infection.  
• Be skeptical of urgency — it’s a common characteristic of phishing.
• Be cautious of any emails that land in your inbox outside of business hours.

Scammers will often use emotional language, photos, and videos to play on people’s emotions. Some scams may falsely claim to be affiliated with legitimate charities or governments. If individuals are interested in donating through a specific organization, they should look up the charity or government organization’s official website and donate directly to them to ensure that their donation is safe and legitimate.

For more timely cyber threat intelligence updates, follow our Intelligence Hub, and connect with us today to talk about how we can help you simplify breach prevention.