Cybercriminals who launch phishing campaigns and similar scams sometimes use events in the news to capture the attention of unsuspecting victims. And if they can play on your sympathies at the same time, so much the better. A new round of phishing attacks analyzed by email security provider Tessian aims to steal cryptocurrency under the guise of requesting charitable donations toward the Ukrainian cause.
In a report published Tuesday, Tessian said that it’s discovered an increase in the number of suspicious emails related to Ukraine, with spam campaigns popping up just one day after Russia’s initial invasion. At the same time, the number of new website domains containing the word “Ukraine” has risen 210% this year compared with 2021. Among the 315 new such domains seen each day since February 24, more than 75% of them seem to be suspicious, according to Tessian.
The phishing emails observed by Tessian capitalize on the old donation scam tactic but use the invasion of Ukraine as the draw. As the war has continued under heavy Russian attack, many humanitarian groups have been seeking donations to help Ukraine, making this an area ripe for exploit. The donation scams vary from basic emails with a short message asking for help to entire websites set up to impersonate charitable organizations such as the British Red Cross.
One phishing email impersonating the Australian Council for International Affairs requests donations toward Ukraine in the form of Bitcoin cryptocurrency. The message contains a Bitcoin address that you can click as well as a barcode for you to scan. Anyone who takes the bait is prompted to install a Bitcoin payment app called Cash App. From there, the criminals behind this campaign steal whatever amount of cryptocurrency you donate.
Another phishing campaign sent from a new domain spoofs the Red Cross in Ukraine. The email includes a link to a website with details on the conflict and steps on how to donate cryptocurrency to help Ukraine. Clicking the link take you to the site with three links for various kinds of cryptocurrency payments–Bitcoin, Ethereum and Tether. Again, any donations go into the pockets of the scammers.
Beyond these donation scams, criminals are adopting other themes. In one notable campaign, spam with links to suspicious e-commerce sites popped up a day after the initial attack. The sites hawk several items, including t-shirts that say, “I Stand With Ukraine.” Reviews for one site in particular accuse it of running a scam, saying that people who pay for the items receive no product.
How to find legitimate donation sources
Donating to the Ukrainian effort is certainly a worthy cause. But how do you make sure your donation is going to a legitimate source? Tessian offers a few tips.
- Be wary of emails requesting cryptocurrency donations. Some charities do accept donations of cryptocurrency. But be skeptical of any unsolicited emails requesting donations to support the Ukrainian humanitarian effort, as they’re likely to be scams.
- Check the source. Before you respond to any Ukrainian-themed email, check the source and the email header to make sure that the sending organization is legitimate.
- Go directly to the source. If you wish to donate money to support Ukraine, your best bet is to head directly to the websites for specific charitable organizations. A list of such organizations from CNET can help you find the right legitimate ones.
To help protect your users from falling prey to tactics such as those described here, check out this Security Awareness and Training policy from TechRepublic Premium.