Scammers First on the Scene for Türkiye’s “Disaster of the Century”

Share On Facebook
Share On Twitter
Share On Linkedin

Author: Kathleen Persighetti

 

On Monday morning, Türkiye, frequently referred to as Turkey, was hit with one of the deadliest earthquakes the world has seen in 80 years. As of 9 February, the death toll had surpassed 20,000 people.1 Since the quake hit in the early morning hours, many people were still in bed and are now trapped underneath rubble. Deadly disasters like these are a breeding ground for cyber criminals, who have jumped at the opportunity to take advantage of individuals seeking to send aid to the struggling victims.

Almost immediately after the disaster was announced, online scams claiming to provide aid to the victims of the earthquake began appearing. An email phishing campaign from a counterfeit organization called the Wladimir Charity Foundation attempted to collect cryptocurrency funds that they claim will help homeless families and children. The campaign began circulating within 24 hours after the earthquake struck.2 Another scam used Twitter to ask for donations via PayPal. The cybercriminals deposited $500 into the account to make the account appear more legitimate.3 However, PayPal has not operated in Turkey since 2016, so any charity that seems to be Turkish and is asking for donations via PayPal is most likely fraudulent.

The Infoblox Threat Intelligence Group has found over 150 fraudulent web pages related to this disaster thus far. Many display images of children in crisis and ask for donations through a QR code, TWINT, PayPal, or other online fund transfer methods. A list of the current domains that Infoblox has flagged as malicious or suspicious can be found at our public Github repository here, we have also added a separate list of legitimate donation sites. The images below are screenshots of fake donation sites.

As we saw with the invasion of Ukraine, cybercriminals are quick to act and produce material that is very hard to distinguish from legitimate sites.4 In domains related to the earthquake, we have seen malicious domains with the U.S. Federal Bureau of Investigation listed as the registrant, illustrating one tactic they will use to fool people.

Figure 1. Screenshot of help-turkiye[.]com phishing website attempting to collect online donations.

Figure 2. Screenshot of turkeyhelp[.]world phishing website attempting to collect online donations.

Endnotes

  1. https://www.npr.org/2023/02/09/1155647266/turkey-earthquake-erdogan-government-response-criticism
  2. https://www.bitdefender.com/blog/hotforsecurity/cybercriminals-exploit-human-misery-in-earthquake-hit-turkey-and-syria-with-new-online-disaster-scam/
  3. https://www.bleepingcomputer.com/news/security/paypal-and-twitter-abused-in-turkey-relief-donation-scams/
  4. https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/newly-observed-domains-and-the-ukraine-war/

Labels:

Infoblox Threat Intelligence Group

With over 50 years of combined experience, the Infoblox Threat Intelligence Group creates, aggregates and curates information on threats to provide actionable intelligence that is high-quality, timely and reliable. Threat information from Infoblox filters out false positives and gives you the information you need to block the newest threats and to maintain a unified security policy across the entire security infrastructure of your organization.

View All Posts

You might also be interested in

You might also be interested in

×