Cyber-criminals have exploited the ongoing crisis in Gaza and Israel through a charity scam, targeting 212 individuals across 88 organizations. The attackers, posing as “help-palestine[.]com,” aimed to manipulate sympathy for children in Palestine, urging recipients to contribute to a fraudulent campaign allegedly supporting families.
The messages requested cryptocurrency donations ranging from $100 to $5,000 and supplied wallet addresses for Bitcoin, Litecoin, and Ethereum. The attackers bolstered credibility by including links to recent news articles highlighting the impact of the conflict on children.
Abnormal Security’s advisory reveals that the attackers strategically employed emotionally charged language, emphasizing the challenges faced by Palestinian children to exploit the heightened emotional response triggered by humanitarian crises.
Additionally, the attackers used inclusive terms to establish a shared identity with recipients. From a technical standpoint, the attackers employed various tactics to conceal their identity, such as spoofing a legitimate email address from Goodwill Wealth Management and creating a non-existent domain, with the actual email address hidden in the reply-to field.
Abnormal’s CISO, Mike Britton, highlighted the difficulty in detecting the attack using traditional email security tools due to its reliance on social engineering and the absence of obvious indicators like payloads or grammatical errors.
Britton emphasized the need for modern, AI-native email security solutions, stating that AI-powered platforms are trained to identify social engineering tactics and can recognize attempts to leverage emotional manipulation for deceptive purposes. Such platforms can also detect and flag mismatches between the sender’s email and the reply-to address, a common tactic employed in these types of attacks.
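The sender/reply-to mismatch check described above can be sketched in a few lines. This is an added example, not code from Abnormal Security or the original article; the sample message and every address in it are constructed placeholders, and the subdomain comparison is a simplification that does not consult a public-suffix list.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample message; every address and domain is a placeholder.
SAMPLE = """\
From: "Relief Fund" <donations@charity.example>
Reply-To: collector@mailbox.example
To: employee@corp.example
Subject: Help the children

We need your support. Send a donation in Bitcoin, Litecoin or Ethereum.
"""

def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[1].lower().rstrip(".") if "@" in addr else ""

def related(a, b):
    """True if the domains are equal or one is a subdomain of the other.
    Simplification (assumption): no public-suffix list is consulted."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def reply_to_mismatch(raw):
    """Return a list of findings where Reply-To diverges from From."""
    msg = message_from_string(raw)
    from_addrs = getaddresses(msg.get_all("From", []))
    reply_addrs = getaddresses(msg.get_all("Reply-To", []))
    # A usable baseline needs exactly one From address with a domain.
    if len(from_addrs) != 1 or not domain_of(from_addrs[0][1]):
        return ["From header missing, malformed or multi-valued"]
    from_dom = domain_of(from_addrs[0][1])
    findings = []
    for _name, addr in reply_addrs:
        dom = domain_of(addr)
        if not dom:
            findings.append(f"Reply-To {addr!r} has no domain")
        elif not related(from_dom, dom):
            findings.append(
                f"Reply-To domain {dom} differs from From domain {from_dom}")
    return findings

if __name__ == "__main__":
    for finding in reply_to_mismatch(SAMPLE):
        print(finding)
```

A mismatch is a signal to weigh alongside others rather than a verdict, since mailing lists and ticketing systems legitimately set a different Reply-To.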