Financial Crime World

Morocco Earthquake: French Red Cross Impersonated in Financial Scam

In the aftermath of Morocco’s recent earthquake, cybercriminals took advantage of the tragedy to orchestrate a financial scam, registering domains that impersonated the French Red Cross (Croix Rouge Française). This incident underscores the importance of domain monitoring for safeguarding organizations and consumers from deceitful activities.

Details of the Scam

Cybercriminals registered two fraudulent domains: croixrougefrancaise.fr and alerteseisme.fr. The former domain allegedly redirected to the latter domain, which offered relief equipment to earthquake victims.

  • The International Red Cross and Red Crescent Movement, of which the French Red Cross is a part, provides humanitarian assistance, including disaster response.
  • In response to the Morocco earthquake, the Croix-Rouge Française is currently offering relief efforts.
  • Criminals exploited this by using the term “alerte seisme” (earthquake alert) and the organization’s name in their scheme.

Both domains were registered by the same user, who used a Parisian postal address, an email address, and a phone number previously associated with 400 other companies. The shopping website, built using Shopify, offered a single product: a fraternity tent sold under emotive language. The image used on the site was discovered on an AliExpress product listing.

Users were then directed to a form requesting credit card information, shipping addresses, and email addresses, potentially exposing sensitive data and enabling theft.

Multifaceted Fraudulent Scheme

Additionally, a fraudulent Facebook page was created on the same day as the domain registrations, linking to the scam website. The page promoted earthquake detectors but contained a hidden “order” button leading to the tent purchase page.

LinkedIn Donation Attempt

One French LinkedIn user reported attempts by the fraudsters to collect donations on the platform. Though LinkedIn took swift action to remove the campaign, no information about its success is available.

History of the croixrougefrancaise.fr Domain

The domain was first registered in September 2023 but previously used from August 2021 to August 2022 and from January 2008 to December 2013. However, there is no evidence connecting the domain to the French Red Cross during these periods. Previous usage raises concerns about potential abuse, especially if the promotion of the domain had been mentioned in online articles.

Importance of Domain Monitoring

In light of such evolving cybercrime tactics, domain monitoring is essential for both organizations and consumers:

  1. Protect your brand: Closely monitor domains containing full brand names like “Croix Rouge Francaise”.
  2. Whois information: Keep crucial information up-to-date and visible in the “Whois” information.
  3. Never drop your domain names: Safeguard and never allow domain name registrations to lapse.
  4. Set up alerts for expiration: Be notified when domain registration deadlines approach.

Conclusion

We express our gratitude to Nicolas Pawlak from Red Flag Domains for bringing the fraudulent croixrougefrancaise.fr domain registration to our attention. Further information on detecting and preventing phishing attacks can be found in our domain monitoring guide.