
Attackers Exploit Middle East Crisis to Solicit Fraudulent Cryptocurrency Donations for Children

Attackers attempt to solicit fraudulent donations via cryptocurrency transfers under the guise of collecting donations for children in Palestine.
November 16, 2023

Threat actors are known to capitalize on geopolitical events to manipulate victims into sending money under the guise of charitable donations, and the ongoing events in Gaza and Israel are no exception.

In a recent charity attack detected by Abnormal, cybercriminals attempted to solicit fraudulent donations by playing on sympathy for children in Palestine. The attackers encouraged recipients to donate funds to the provided cryptocurrency wallet addresses, claiming the money would go to providing basic needs, including water, medical care, and Internet access.

According to our research, the campaign targeted 212 individuals at 88 organizations.

Breaking Down the Cryptocurrency Donation Attack

The email states that an unidentified group (presumably from “help-palestine[.]com”, the sender’s display name) is “launching a campaign to provide vital support” to families in Palestine and invites the target to donate to the cause.

Crypto Donation Attack Email

After asking for contributions ranging from $100 to $5,000, the attacker explains that donations can be made using cryptocurrency and provides wallet addresses for Bitcoin, Litecoin, and Ethereum—three of the most popular digital currencies.

To further increase legitimacy and create one final opportunity to manipulate the recipients, three links to recent news articles discussing the impact of the conflict on children in the region are included at the bottom of the email.

What Makes This Attack Notable

This attack is a perfect example of cybercriminals attempting to exploit the powerful emotional response triggered by humanitarian crises. During natural disasters, national tragedies, or global emergencies, people's need to act and desire to contribute to relief efforts are heightened—making them more susceptible to deception.

Cyberattackers often take advantage of this vulnerability by weaving compelling narratives with requests for donations that appeal to recipients' sympathy. This manipulation is quintessential social engineering, as it preys on the target's goodwill and altruistic tendencies.

The threat actors in this attack deliberately included emotionally charged wording throughout—for example, “children in Palestine face unimaginable challenges daily”, “a lifeline for these children caught in the crossfire”, and “the children in Palestine are dying”. They also used inclusive language, such as “we have the power to make a difference” and “let’s come together,” a linguistic strategy that aims to establish a shared identity between the speaker and the reader and foster a sense of partnership.

From a technical standpoint, the attackers took multiple steps to hide their actual email address. First, they spoofed the sender email address (erode@gwcindia[.]in), which is a valid address for Goodwill Wealth Management, an India-based stock brokerage. Then, to add legitimacy, they changed the display name to “help-palestine[.]com”, which is a domain that doesn’t exist. The real address for the attackers, theconollyfoundation@gmail[.]com, is hidden in the reply-to field, which recipients wouldn’t see unless they viewed the expanded email header.

Why This Attack is Difficult to Detect

Older, legacy email security tools like secure email gateways (SEGs) struggle to accurately identify this email as an attack for multiple reasons.

The first is the use of social engineering. Social engineering attacks often involve manipulation and deception, exploiting human psychology rather than relying solely on technical vulnerabilities. SEGs have limitations in analyzing and understanding the subtleties of language and human behavior, making it difficult to distinguish between genuine and nefarious intent.

Additionally, the email contains no payloads and lacks obvious misspellings or grammatical errors. Because this attack is entirely text-based and has no clear indicators of compromise such as a phishing link or harmful attachment, it would almost certainly bypass a SEG.

Modern, AI-native email security solutions, on the other hand, utilize the latest machine learning capabilities to correctly identify this email as an attack. Because an AI-powered email security platform is trained to identify social engineering tactics, it recognizes that this email is attempting to leverage emotional manipulation to convince the target to bypass rational thinking and quickly transfer funds. It can also detect and flag the mismatch between the sender’s email and the reply-to address, as this is a common attack tactic.
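The header pattern described above (a domain-like display name, a spoofed From address, and a Reply-To on an unrelated free-mail domain), together with wallet addresses in a text-only body, can be checked with a short header triage script. This is an added example, not Abnormal's detection logic; the sample messages, their addresses, the `FREEMAIL` list, and the wallet patterns are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com"}  # assumed short list
DOMAIN_LIKE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$", re.I)
WALLET = re.compile(  # loose format heuristics, not checksum validation
    r"\b(?:bc1[a-z0-9]{25,62}|ltc1[a-z0-9]{25,62}"
    r"|[13LM][a-km-zA-HJ-NP-Z1-9]{25,34}|0x[a-fA-F0-9]{40})\b")

def domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def header_findings(raw):
    """Return triage flags for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    findings = []
    # Replies silently go somewhere other than the visible sender's domain.
    if reply_addr and domain(reply_addr) != domain(from_addr):
        findings.append("reply_to_domain_mismatch")
        if domain(reply_addr) in FREEMAIL:
            findings.append("reply_to_freemail")
    # Display name poses as a domain that is not the sending domain.
    if DOMAIN_LIKE.match(name.strip()) and name.strip().lower() != domain(from_addr):
        findings.append("display_name_domain_mismatch")
    body = msg.get_payload()
    if isinstance(body, str) and WALLET.search(body):  # single-part text only
        findings.append("wallet_address_in_body")
    return findings

# Constructed messages mirroring the header layout in the article.
SUSPICIOUS = (
    'From: "help-example.com" <clerk@broker.example>\n'
    "Reply-To: collector@gmail.com\n"
    "Subject: Support the children\n"
    "\n"
    "Donate $100 to $5,000. ETH: 0x" + "ab" * 20 + "\n")
BENIGN = (
    'From: "Alice Smith" <alice@corp.example>\n'
    "Subject: Agenda\n"
    "\n"
    "Meeting at 10.\n")

if __name__ == "__main__":
    print(header_findings(SUSPICIOUS))
    print(header_findings(BENIGN))
```

Any single flag is weak evidence; the combination of a Reply-To mismatch with a payment request in the body is what makes a message worth escalating.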

Preventing Fraudulent Donation Attacks with Behavioral AI

Threat actors will always capitalize on any opportunity to launch attacks that can exploit world events. And with generative AI tools making it easier than ever to create convincing, error-free malicious emails, enterprises can’t rely on legacy email security systems or their employees to consistently recognize these threats.

As such, the only way to prevent a successful attack is by investing in an AI-native cloud email security solution that ensures emails like these never reach end-user inboxes.

To see how Abnormal can help your organization block modern threats, reduce spend, and prevent emerging attacks, schedule a demo.
