The FBI recently issued an announcementabout a fraudulent scheme that proves there is no low that’s too low for scammers.
“Criminal actors are taking advantage of the crisis in Ukraine by posing as Ukrainian entities needing humanitarian aid or developing fundraising efforts, including monetary and cryptocurrency donations,” the FBI said.
Scammers have always followed where the money is, even if that money is for aiding those most in need. In this case, fraudsters have banked on the widespread sympathy for Ukraine as a way to make a buck.
Malwarebytes Labs had seen its fair share of Ukraine charity-centric scam sites popping up.
Days after Russia invaded Ukraine, we spotted a spam campaign titled “Donate to Help Children in Ukraine.”Apart from a stretched Ukrainian flag as the email header, there is almost nothing you can criticize about the email itself, as the usual red flags are missing.
A month after, fundraising scamswere all over the place. We weren’t surprised to see phishers and scammers leading the pack when it comes to registering domains with “Ukraine” in them, as reported by Tessian. The company noted a 210 percent increasein registered domains with this pattern compared to last year, with 77 percent of them appearing suspicious based on early indicators.
Days before May, our Threat Intelligence team spotted a fake USA for UNHCR (United Nations High Commission for Refugees)website, which was part of a phishing campaign that started as a spam email using a spoofed address, calling on recipients to donate to Ukraine. The fake site asks for a potential donor’s full name, email address, and country of residence. Unlike its legitimate counterpart, this fake site also wants you to donate bitcoins.
The FBI listed some tips so users can protect themselves against such scams:
- Be suspicious of emails, SMS messages, and social media posts from organisations encouraging you to donate. (You can check them against a databaseof legitimate charities, with their actual URLs.)
- If a donation site asks you to donate in cryptocurrency, double-check the wallet address against official cryptocurrency wallets before donating.
- Never reply to correspondences from someone purporting to be Ukrainian entities asking for humanitarian aid.
Lastly, if you think you have been a scam victim, file a report with the FBI’s Internet Crime Complaint Center (ICCC).