Cyber scams are exploiting Türkiye-Syria earthquake relief efforts. Here’s what to know

Humanitarian assistance has poured into south-eastern Türkiye and north-western Syria after a devastating earthquake hit the region earlier this month. Yet experts are warning that cybercriminals and scammers are taking advantage of the urgent need for aid, launching fake online donation platforms and charities to swindle donors out of their money.

“Unfortunately, people with less charitable ambitions have decided to exploit the resulting outflow of support for this tragedy and deceive people’s good will to make a quick profit,” Cofense, an email security company, said in a recent statement.

Following the earthquake, Cofense reported an uptick in email phishing scams urging people to donate to spurious aid groups with cryptocurrencies. The malicious emails used emotional language and deceptive imagery to evoke sympathy, the company found.

“We urge users to be vigilant and ensure with full certainty that any donations are being made to legitimate organizations,” Cofense’s statement added.

Scammers have also taken to social media platforms to profit off of the earthquake, which has so far killed nearly 46,000 people and displaced millions across Türkiye and Syria.

On Twitter and TikTok, for instance, scammers have circulated appeals for donations to fake charities, according to a BBC investigation. Many of the posts, the investigation found, used imagery that was unrelated to the earthquake and included links to fraudulent PayPal accounts and cryptocurrency wallets. Scams have also circulated on Telegram and Facebook, according to other expert analyses.

“We are deeply saddened by the devastating earthquakes in Türkiye and Syria and are contributing to aid earthquake relief efforts,” a TikTok spokesperson said in a statement. “We're also actively working to prevent people from scamming and misleading community members who want to help, and are reminding viewers to report suspicious behaviour as we do our part to keep people safe during this difficult time.”

Meanwhile, a PayPal spokesperson said in a statement that the company is “always working diligently to scrutinise and ban accounts, particularly in the wake of events like the earthquake in Türkiye and Syria, so that donations go to intended causes.”

The Türkiye-Syria earthquake is far from the first crisis that cybercriminals and scammers have exploited.

During the COVID-19 pandemic online scams were prevalent worldwide. The European Union, for instance, urged online consumers to be on “high alert” for scams during the crisis. In the United States, federal law enforcement officials also warned the public to be wary of charities soliciting donations.

“They are leveraging the COVID-19 pandemic to steal your money, your personal information, or both,” the US Federal Bureau of Investigation said in a statement. “Don’t let them.”

After a disaster strikes, online fraudsters often imitate legitimate charities and aid organizations to deceive the public. Following the devastating 2011 earthquake-tsunami in Japan, for example, scammers attempted to imitate the Red Cross in a fraudulent email campaign. Other more recent examples of disasters that cybercriminals have attempted to exploit include Hurricane Ian in the US and the major flooding in Pakistan in 2022.

“Social engineering tactics are among the most effective attack vectors as they seek to exploit our natural instinct to trust,” said Akshay Joshi, the Head of Industry and Partnerships for the World Economic Forum’s Centre for Cybersecurity. “Charity scams, arguably the most disgraceful crimes, leverage social engineering to exploit the generosity and goodwill of populations as they seek to express their solidarity with those in most need of resources.”

Cybersecurity experts, payment platforms and law enforcement agencies maintain numerous tips and recommendations to help mitigate the threat of online donation scams.

This includes being wary of mimic branding and other red flags like websites or social media posts with inaccurate spelling and obscure links. Experts also urge the public to research charities before making a donation to ensure the organization is properly registered with regulators and has a track record of legitimate aid work. Government databases or public charity review websites can be a useful tool to verify an organization, officials say.

Moreover, authorities urge the public to avoid giving unnecessary personal information and avoid making donations with unsecure or untraceable payment methods. Credit card payments on official platforms, experts say, is the safest option.

Authorities also urge caution when donating with cryptocurrencies. However, secure cryptocurrency donations made to legitimate aid organizations can be a quick and effective way of getting money into disaster areas.

Chainalysis, a major blockchain data platform, reported recently that an estimated $5.9 million in cryptocurrency donations have been made so far to support the Türkiye-Syria earthquake relief efforts. Humanitarian organizations that have received the crypto funds include the Turkish Red Crescent and Save the Children, among others. Chainalysis also reported that it had identified 18 suspected scam donation addresses tied to the earthquake disaster, but noted that they had received only a few hundred dollars.

“It is crucial that donors validate the legitimacy of the charities they channel their support to and stay cautious of non-traditional payment methods,” Joshi added.