Cybersecurity researchers have uncovered a charity attack exploiting the ongoing events in Gaza and Israel. Cyber-criminals targeted 212 individuals across 88 organizations, attempting to manipulate sympathy for children in Palestine to solicit fraudulent donations.
The attackers, posing as a group from “help-palestine[.]com,” urged recipients to contribute to a campaign supposedly providing vital support to families in Palestine. The attackers requested cryptocurrency donations, ranging from $100 to $5000, with wallet addresses provided for Bitcoin, Litecoin and Ethereum.
To enhance credibility, the attackers included three links to recent news articles highlighting the impact of the conflict on children.
According to an advisory published by Abnormal Security today, this form of social engineering exploits the heightened emotional response triggered by humanitarian crises, making individuals more susceptible to deception.
The attackers strategically employed emotionally charged language throughout the campaign, emphasizing the challenges faced by children in Palestine and using inclusive terms to establish a shared identity with the recipients.
From a technical standpoint, the attackers utilized multiple tactics to conceal their identity, including spoofing a legitimate email address from Goodwill Wealth Management, an India-based stock brokerage, and creating a non-existent domain. The actual email address was hidden in the reply-to field.
Abnormal’s CISO, Mike Britton, said the attack proved challenging to detect using traditional email security tools, as it relied on social engineering and lacked obvious indicators such as payloads or grammatical errors.
The security expert added that legacy secure email gateways (SEGs) struggle to distinguish between genuine and malicious intent, emphasizing the need for modern, AI-native email security solutions.
“AI-powered email security platform[s] [are] trained to identify social engineering tactics, [so they recognize] that this email is attempting to leverage emotional manipulation to convince the target to bypass rational thinking and quickly transfer funds,” Britton wrote. “[They] can also detect and flag the mismatch between the sender’s email and the reply-to address, as this is a common attack tactic.”
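The sender/reply-to mismatch described above can be checked directly from message headers. The following is an added example, not code from Abnormal Security or the original article; the function names, sample messages and `.example` domains are constructed for illustration, and domains are compared exactly rather than by registrable domain.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample messages (RFC 2606 .example domains, not real senders).
SPOOFED = (
    "From: Relief Campaign <info@broker.example>\n"
    "Reply-To: donations@relief-fund.example\n"
    "Subject: Urgent appeal\n\nPlease donate today.\n"
)
BENIGN = (
    "From: Accounts <billing@vendor.example>\n"
    "Reply-To: Support <support@vendor.example>\n"
    "Subject: Invoice\n\nSee attached.\n"
)
NO_REPLY_TO = "From: news@vendor.example\nSubject: Update\n\nHello.\n"


def _domains(msg, header):
    """Return the set of lower-cased domains in an address header."""
    found = set()
    for _name, addr in getaddresses(msg.get_all(header, [])):
        if "@" in addr:
            found.add(addr.rsplit("@", 1)[1].lower().rstrip("."))
    return found


def reply_to_mismatch(raw):
    """Flag mail whose Reply-To routes answers outside the From domain.

    Assumption: exact domain comparison. A production rule would compare
    registrable domains and allow-list known bulk-mail providers.
    """
    msg = message_from_string(raw)
    from_domains = _domains(msg, "From")
    reply_domains = _domains(msg, "Reply-To")
    foreign = reply_domains - from_domains
    return {
        "from": sorted(from_domains),
        "reply_to": sorted(reply_domains),
        "mismatch": bool(foreign),  # False when Reply-To is absent
    }


if __name__ == "__main__":
    for label, raw in [("spoofed", SPOOFED), ("benign", BENIGN),
                       ("no reply-to", NO_REPLY_TO)]:
        print(label, reply_to_mismatch(raw))
```

A mismatch alone is a weak signal, since newsletters and ticketing systems legitimately set a different Reply-To, so it is best scored together with other indicators such as a first-time sender or a payment request.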