In this video for Help Net Security, Charles Brook, Threat Intelligence Researcher at Tessian, talks about how cybercriminals have taken advantage of the crisis in Ukraine to create charity donation scams.
In response to the crisis, people around the world have been eager to support Ukraine. And while there are legitimate ways to donate money and resources, scammers have started using impersonation techniques and sneaky tactics to dupe individuals into sending fake donations via emails, asking for cryptocurrency, or via fake websites.
Three types of charity donation email scams have been discovered, with the common theme of stealing money from individuals. Bad actors are impersonating legitimate organizations, and then sending out a QR code to coerce people into sending cryptocurrency payment. This way, cybercriminals are bypassing legacy email defenses and direct victims to fraudulent websites.
Another scam came from a newly registered domain redcrossukraine.org. The sender of an email posed as the Red Cross in Ukraine, included a malicious link to one again donate cryptocurrency.
Finally, an e-commerce scam was discovered. Scammers blast out spam with links to websites selling t-shirts with slogan saying “I stand with Ukraine!“ The emails contained links to suspicious sites where you could browse and purchase the products mentioned in the emails, although no product is ever received.