SecurityBrief US - Technology news for CISOs & cybersecurity decision-makers
United States
Moody laptop dark desk phishing inbox shadowy hand global cyber threats
#
Phishing
#
Physical Security
#
Email Security

Israel-Iran conflict exploited in fresh email scam wave

Thu, 5th Mar 2026
Author image
By Sean Mitchell, Publisher

Fraudsters are using the Israel-Iran conflict as a new hook for advance-fee scam emails, according to analysis from Bitdefender's Antispam Lab. The lab has identified multiple variants circulating in inboxes.

The messages use familiar "Nigerian prince" tactics updated with references to war, airstrikes, displaced civilians, and military deployments. They promise large sums and invite recipients to reply-often the first step toward demands for fees or personal information.

Bitdefender researcher Viorel Zavoiu said the lab found at least seven distinct versions tied to the current conflict narrative. The characters and amounts vary, but the structure is the same: money offered to strangers in exchange for some form of participation.

Seven storylines

One version claims to be from a Powerball winner offering $2.5 million to "randomly selected individuals," framed as support for war victims. Another uses a hospital-bed scenario, with a terminally ill sender offering €1.7 million ahead of surgery.

Other variants cast the sender as an official or intermediary seeking help relocating funds due to instability in Iran. One refers to a "government representative" moving $1.9 billion. Another uses a lawyer character who claims to represent relatives of an Iranian political figure said to have been killed in US-Israeli strikes.

Several versions lean on military authority. One presents the sender as a US Army major general serving in Syria who wants help moving "two consignment trunks" out of a war zone. Another claims to be from a US Air Force soldier stationed in Iran who has discovered $25.8 million. A separate narrative features an investor in Tehran seeking to move "huge capital" abroad because of airstrikes.

Two full email samples provided by the researchers show hallmarks of advance-fee fraud: unsolicited contact, abrupt familiarity, and urgent requests. One begins, "Hello Friend, I apologize for intruding on your privacy in this way." It then introduces a supposed military rank and describes consignment trunks to be moved "to a safe country due to the ongoing conflict between Israel/USA, and Iran."

The second sample claims to come from a lawyer and urges the recipient to "act fast" regarding "secret funds deposited" with a security company in Turkey. It also includes obvious errors and internal inconsistencies common in bulk scam mail.

Early-stage signals

Bitdefender describes the current messages as poorly executed. The samples contain grammar mistakes, conflicting details, inconsistent identities, and timeline errors. Some templates also closely mirror older inheritance and "foreign official" scams, with only the geopolitical context swapped.

That lack of polish may indicate a testing phase rather than a single, highly organised operation. Scam groups often distribute multiple variants and then refine whichever storyline generates the most responses.

Bitdefender's researchers said the emotional triggers vary across the samples. Hooks include charity and humanitarian claims, inheritance narratives, military authority, urgency, and investment opportunities. These themes are long-standing in advance-fee fraud, but conflict references add a topical angle and can seem plausible to recipients scanning headlines.

What happens next

Advance-fee fraud typically escalates once a recipient replies. The initial message often aims to confirm an active email address and identify potential victims. Follow-up emails may request personal information or introduce costs described as processing fees, clearance charges, or tax payments.

Scammers may also build more elaborate exchanges involving fake banks, lawyers, shipping firms, or security companies. Some victims are drawn into longer-running schemes, with repeated payments demanded over weeks or months. Personal data shared early can also be reused for further fraud attempts or sold on.

Bitdefender expects the current wave to evolve, with more coherent language and more credible impersonation. The lab also anticipates a shift toward charity-related fraud, including professionally spoofed domains, fake charity websites, and broader distribution through social media.

Security researchers have recorded similar surges during major crises. Conflict and disaster coverage can heighten fear and sympathy, while also making financial instability seem more believable. Fast-moving news cycles can also make it harder for recipients to verify claims before reacting.

Warning signs

The core indicators remain consistent even as storylines change. Unsolicited contact promising unusually large sums is a common marker. Requests for personal details, pressure to act quickly, and emotionally charged narratives tied to global crises are also red flags.

Bitdefender says legitimate governments, military officials, philanthropists, and investors do not contact strangers with offers of millions of dollars. The firm also warns against replying to suspicious messages, since even a brief response can confirm an address is monitored.

One email reviewed by the researchers ends with an appeal designed to build trust and momentum: "Thanks for your acceptance. God bless you and America!!"

Related stories
GitLab 18.11 adds AI agents for security & pipelines
11:11 Systems named Cohesity's MSP Strategic Partner
Rubrik survey warns of AI agents outpacing security
TeamViewer adds AI maintenance & secure industrial gateway
NTT Research launches Scale Academy with SaltGrain

Top stories

IWF & Cyacomb launch workplace abuse material scans
Cork Cyber adds automated mapping to Vantage platform
Trust fears stall AI projects at medium & large firms
How Atomgate uses education and partnership to drive successful SonicWall upgrades
OpenAI says weekly users top 900 million as AI reshapes work