Repertoire of Ukraine Charity Phishing Scams

Ukraine-charity-phishing-scamsScammers continue to exploit the crisis in Ukraine, according to researchers at Bitdefender. Over the past week, the researchers believe the fraudsters have adjusted their tactics in response to increased media coverage of these scams.

“Media coverage on Ukraine charity scams have taken off since the beginning of March, and increased consumer awareness of the subject has likely influenced spammers’ strategies,” the researchers write. “The fraudsters behind this next scam impersonate The Courage Fund, a Singapore-based charity foundation established in 2003 when the country was hit by the SARS outbreak. Unlike previously reported schemes which incorporated images of the Ukrainian flag next to fraudulent cryptocurrency wallet addresses, spammers behind this campaign take an alternative route - they ask recipients to contact a GMAIL address.... Once again, scammers use official data on Ukrainian casualties and refugees, and cite a couple of organizations that have publicly announced humanitarian aid and donations to help war victims.”

Bitdefender observed another scam that uses legitimate-looking phishing emails. This scam is impersonating the legitimate United Help Ukraine charity, with a convincingly spoofed donation site.

“A novel approach at swindling good Samaritans was spotted by Bitdefender researchers on March 22,” the researchers write. “The threat actors behind this campaign go way past any previous nickel-and-dime antics, impersonating the United Help Ukraine organization. Spammers are using IP addresses in the US to deliver this scam across Europe and North America. The DONATE NOW button sends recipients to a cloned version of the official United Help Ukraine Website. The fake website offers users a single donation method in the form of a crypto wallet address, and it closely resembles the official Donate page of the non-profit charitable organization.”

It’s common for scams to follow news, public affairs that attract general interest. It’s also common for them to count on people lowering their guard out of sympathy for the story the con artists tell. New-school security awareness training can enable your employees to avoid falling for social engineering attacks in both their professional and personal lives.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Topics: Phishing

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews