Conflict is a boon for opportunistic fraudsters. Look out for their ploys.
It didn’t take long for tensions in the Middle East to spill over into the cyber domain. There’s been significant disruption of a major US medtech provider, the compromise of OT assets in US critical infrastructure, and ongoing ransomware attacks on businesses by Iran-nexus groups. But what about regular internet users? The truth is that geopolitical tension and conflict offers potentially rich pickings for opportunistic online scammers.
Fraudsters know that these events are a great way to grab the attention of potential victims, and exploit their fear and sympathy in equal measure. The backdrop of geopolitical turmoil, whether it’s Ukraine or Iran, adds weight to the stories they spin in order to achieve their goals.
What scams prosper in times of turmoil?
Whatever tactics they choose, the end goal is usually the same: to harvest your credentials and/or personal and financial data, or to trick you directly into making payments to non-existent entities. These are not novel techniques. They’re tried and tested and could come via email, text, social media, or phone call. What’s different is the lure — specially crafted for timeliness and maximum impact.
Watch out for the following scams:
Fraudulent charges
You receive a call or text from a bank or trusted company informing you of non-existent charges related to “Iran” on your account. According to the FTC, you might then be put on to a government official who convinces you to hand over your bank account details.
Romance fraud
Romantic-themed scams are a big money-maker for fraudsters. According to the FBI, they generated over $929 million in illegal profits last year. In this new take, a romantic contact you met online may claim to be a soldier deployed to the Middle East who now needs cash to deal with an emergency.
Fake charities
Geopolitical turmoil often leads to human misery, which tends to pull at the heartstrings. Legitimate charities may solicit donations to support innocent citizens caught in the crossfire. Scammers know this and will create their own fake charities — or impersonate legitimate ones — to collect donations. They may have professional-looking websites designed to add credibility to their requests. If you fall for these scams, you’ll end up handing over your money, your card details, or both.
Travel scams
Military conflict can often result in sudden flight cancellations, border checks, and other travel-related disruption. Scammers take advantage of this by impersonating airlines and government agencies. They might offer streamlined visa processing or refunds on booked flights and accommodation, while their real goal is capturing your personal and financial details.
Investment fraud
Investment scams raked in more money than any other type of cybercrime last year — over $8.6 billion, according to the FBI. Scammers leverage geopolitical instability here by claiming to offer guaranteed returns as a hedge against inflation or market instability.
Sensational (fake) news
Political and social unrest generates a great deal of click-worthy content. The problem is that some of it is completely fake. Scammers use sensationalist “leaked videos” and “breaking news” stories to lure you into clicking on malicious links. The most likely result is an infostealer landing on your phone or computer — malware designed to harvest passwords, record keystrokes, and even steal session cookies to bypass multi-factor authentication (MFA) on your accounts.
Advance fee fraud / 419 scams
This is perhaps one of the oldest scams in the book. You receive a message out of the blue from someone you’ve never met, with a fantastical story about sharing their riches if you can pay a small upfront fee for some kind of administrative process. This template is already being repurposed for the current conflict in the Middle East.
How to spot scams like this
Thanks to generative AI tools, it’s easier than ever for scammers to create highly convincing written content, videos, and websites. But there are tell-tale signs to watch for:
- Offers of large sums of money that are too good to be true
- Unsolicited contact via email, SMS, messaging app, phone call, or social media
- Requests for personal and financial information
- Attempts to force a quick decision, either by ramping up urgency or appealing to your emotions
Responding to conflict-fueled scams
With the above in mind, it should be easier to spot warning signs that something doesn’t quite look or sound right. A good rule of thumb is never to click on links or open attachments in unsolicited messages, even if they look convincing and appear to come from a trusted source. If you want to verify whether a message is genuine, check independently with the sender — don’t reply directly or use contact details provided in the message itself. If it’s a news story, go directly to your preferred news outlet.
Be cautious of social media accounts, especially those that appear to be customer service accounts for airlines and similar organizations. These are easier to set up than you might think, and platform providers are always a step behind in taking them down. And it goes without saying that you should never hand over sensitive information over the phone.
The next piece of advice may be the most difficult: try to suppress your instinct to react to emotional pleas from “charities” or urgent requests to act. The reason fraudsters use these techniques is because they work. They’re designed to turn our humanity against us.
As an extra layer of defense, ensure all your computers and devices are protected with anti-malware, including anti-phishing capabilities from a trusted vendor. That should help filter out the majority of scams. The rest is down to you.
According to a new report from the Global Initiative Against Transnational Organized Crime, “fraud is a crime that is not only economically driven, but politically shaped.” This is unlikely to change anytime soon — but it doesn’t have to be you that ends up a victim.
