Scammers continue to exploit the crisis in Ukraine, according to researchers at Bitdefender. Over the past week, the researchers believe the fraudsters have adjusted their tactics in response to increased media coverage of these scams.
“Media coverage on Ukraine charity scams have taken off since the beginning of March, and increased consumer awareness of the subject has likely influenced spammers’ strategies,” the researchers write. “The fraudsters behind this next scam impersonate The Courage Fund, a Singapore-based charity foundation established in 2003 when the country was hit by the SARS outbreak. Unlike previously reported schemes which incorporated images of the Ukrainian flag next to fraudulent cryptocurrency wallet addresses, spammers behind this campaign take an alternative route - they ask recipients to contact a GMAIL address.... Once again, scammers use official data on Ukrainian casualties and refugees, and cite a couple of organizations that have publicly announced humanitarian aid and donations to help war victims.”
Bitdefender observed another scam that uses legitimate-looking phishing emails. This scam is impersonating the legitimate United Help Ukraine charity, with a convincingly spoofed donation site.
“A novel approach at swindling good Samaritans was spotted by Bitdefender researchers on March 22,” the researchers write. “The threat actors behind this campaign go way past any previous nickel-and-dime antics, impersonating the United Help Ukraine organization. Spammers are using IP addresses in the US to deliver this scam across Europe and North America. The DONATE NOW button sends recipients to a cloned version of the official United Help Ukraine Website. The fake website offers users a single donation method in the form of a crypto wallet address, and it closely resembles the official Donate page of the non-profit charitable organization.”
It’s common for scams to follow news, public affairs that attract general interest. It’s also common for them to count on people lowering their guard out of sympathy for the story the con artists tell. New-school security awareness training can enable your employees to avoid falling for social engineering attacks in both their professional and personal lives.