In times of trouble, it’s heart-warming to see people band together to help other people who are suffering, a welcome reminder that there’s more good in this world than we may sometimes think. But for every group of people trying to make a difference by doing good deeds, there’s another group of people doing bad deeds, and the only thing they want to make a difference in is your wallet – and if they can perpetrate some profitable cybercrime at the same time, they won’t hesitate to capitalise on the opportunity, which has resulted in a host of fresh Ukraine charity phishing scams.
It’s unfortunate that tragedies like Russia’s invasion of Ukraine can lead to increase in cybercrime like phishing, but it is the sad truth. Scammers started working on fleecing sympathetic people right away, just like they do whenever there’s a crisis. Russian cybercriminals got right to work too.
Phishing attacks from Russia-based sources have boomed, increasing eight-fold since their attack on Ukraine began. Suspected Russian threat actors also used a stolen legitimate Ukrainian military email address to phish EU personnel working on the scene in Ukraine. Bad actors know that tumultuous times are golden opportunities for social engineering with loads of victims ripe for the picking. With people already unsettled, the bad guys just have to push a little bit to put their victims where they want them.
This was evident from the start of the COVID-19 pandemic, as COVID-19 themed phishing scams bombarded inboxes using fake COVID-19 tracking maps, spoofed government notices, bogus company policy updates and other scams to phish for credentials and spread malware like ransomware. Another major wave of scams hit with the Omicron variant, with email phishing abounding using even more ghoulish lues like spurious layoff or termination announcements, malicious exposure notices and even false information about funeral expense assistance.
Now the bad guys are back at it, and a Ukraine charity phishing scam is sure to be popping up in an inbox near you soon. Make no mistake – scams like these are just as much of a risk to businesses as they are to consumers. With the lines between work and personal devices becoming more invisible every day, chances are high that employees are using work devices for personal business like charitable donations. Plus, with millions around the world still working from home, cybercriminals will be quick to exploit the fact that remote workers are more susceptible to phishing than office workers. Altogether, this is the perfect opportunity for cybercriminals to do a little phishing.
Please don’t let the fact that there are bad actors exploiting this tragedy put you off from helping the millions of Ukrainian victims of Russian aggression. The US Federal Trade Commission (FTC) has guidance available for spotting fake charities.
Fake Email & Website Phishing
There are a host of scams in action doing some old-fashioned email phishing, clever spoofing and malware distribution that are risky for both individuals and businesses. Here are a few Ukraine charity phishing scams to be on the lookout for to avoid ending up on their hooks.
- Approach emails asking for help for very specific population segments or causes, like orphaned children or homeless pets with extreme caution. While most are generic (everyone wants to help kittens and kids), some of these are tailored spear-phishing efforts. It’s not hard for bad actors to find out what their target is interested in from their social media accounts to up the chance that they’ll successfully snatch the recipient’s credentials.
- Of course, beware of malicious attachments purporting to share things like war photos, maps, and in one scam, information about companies that are still doing business in Russia. Of course, the only thing these attachments have to offer is malware including ransomware.
- Be on the alert for sophisticated emails loaded with legitimate-looking formatting like the Ukrainian flag and fancy logos that are supposedly from humanitarian organizations including fake UNICEF and UNHCR abound.
- Analysts warn of a scheme that uses a Microsoft sign-in theme. In the bogus email, users are warned that there have been unauthorized log in attempts on the recipient’s account, and the location of those attempts was listed as “Russia/Moscow”. The user is urged to update their login info, giving the bad guys their credentials.
- Another Ukraine email phishing scam discovered in the wild targets organizations in the manufacturing sector for malware using a .zip attachment named “REQ Supplier Survey”. The attackers ask recipients to fill out a survey concerning their backup plans in response to the war in Ukraine. When the target proceeds to open the attached survey, the malicious payload is downloaded and deployed from a Discord link immediately. This attack aims to infect recipients with two well-known remote access Trojans – Agent Tesla and Remcos.
- Fake charity websites are popping up, too. MSN reported that researchers had discovered a handful of sites decked out in trappings like Ukraine’s colours and war or refugee images that solicit donations but are actually scams. Sites like these often host ransomware.
