Cybercriminals Exploit the Moroccan Tragedy in New Scam Campaign

Cybercriminals have always exploited instances of natural calamities to prey on innocent people. This blog post exposes a scam that has taken advantage of the earthquake in Morocco by deceiving users to buy relief equipment purportedly meant to aid quake victims.

The fraudsters registered two domains, one of which impersonates the identity of the French Red Cross (Croix Rouge Française).

Our discovery of this nefarious scheme, in addition to exposing the fraud, also emphasizes the importance of monitoring domain names so criminal attempts to abuse them can be swiftly addressed.

A few days ago, cybercriminals registered the domain croixrougefrancaise.fr, which redirects to another domain, alerteseisme.fr.

The Croix-Rouge Française, also referred to as the French Red Cross, is the French branch of the International Red Cross and Red Crescent Movement. It is a humanitarian organization that provides a wide range of services and assistance to people in need in France and around the world. Propelled by its mission to alleviate human suffering, the organization engages in many activities, including disaster response, which it is currently performing in Morocco.

The scammers used the term “alerte seisme,” which translates to “earthquake alert,” in reference to the earthquake in Morocco.

The same user registered both domain names. While the postal address in Paris provided by the malicious actor does exist, more than 400 other companies have also been using it for the purpose of company domiciliation or as their registered postal address. The malicious actor also used the same email address and phone number to register both domains.

The website content Is straightforward and was built using Shopify, a platform that allows users to run their own online shop (Figure 1).