Cryptocurrency Fraud , Email Security & Protection , Fraud Management & Cybercrime

Scammers Send Fake Ukraine Aid Requests to Phish Victims

Criminals Seek Cryptocurrency and Other Monetary Donations , FBI Says
Scammers Send Fake Ukraine Aid Requests to Phish Victims
Scammers are seeking to exploit the Russia-Ukraine war. (Source: ISMG)

The FBI says in an alert that scammers have been posing as Ukrainian humanitarian entities to fraudulently seek donations and other financial assistance for the war-torn country.

See Also: User Entity & Behavior Analytics 101: Strategies to Detect Unusual Security Behaviors

"Criminal actors are taking advantage of the crisis in Ukraine by posing as Ukrainian entities needing humanitarian aid or developing fundraising efforts, including monetary and cryptocurrency donations. Scammers similarly have used past crises as opportunities to target members of the public with fraudulent donation schemes," the alert says.

Phishing Menace

Internet security company Cyren recently noted a significant increase in cryptocurrency scams that take advantage of the Russian invasion of Ukraine.

"Ukraine has received more than $50 million in crypto donations since the war started, with the majority of donations resulting from the Ukraine government Twitter account requesting Bitcoin, Ethereum, Tether and Polkadot. So, it's not surprising that cybercriminals are focusing on crypto donations to trick victims," the Cyren researchers say.

The researchers discovered several email scam messages with subject lines including "Help Ukraine," "Help Ukraine war victims" and "Help Ukraine stop the war! - humanitarian fund raising."

"While the victims are under the impression that they are helping Ukraine, the donation is going straight into a scammer's wallet. In the last few days, the research team has uncovered more than 100k emails per day. Over 50% of the emails are being routed through the U.S., however, this is not an indication that the emails originated in the U.S.," the researchers say.

They say they found emails coming in from all over the globe, including Indonesia, Brazil, India, South Africa and Colombia.

According to the Cyren researchers, a large number of emails were sent from spoofed addresses with domain endings related to Ukraine to increase their authenticity, and a significant number of them were sent from random Gmail addresses.

Google's Threat Analysis Group had also observed a growing number of threat actors using the Russia-Ukraine war as a lure in phishing and malware campaigns to target the military of multiple Eastern European countries, as well as a NATO Center of Excellence.

In February, the Computer Emergency Response Team of Ukraine issued a warning about a massive spear-phishing campaign targeting private accounts of Ukrainian military personnel and related individuals.

CERT-UA attributes the activities to the UNC1151 group aka Ghostwriter (see: Belarusian Spear-Phishing Campaign Targets Ukraine Military).

The Minsk-based group is a state-sponsored cyberespionage actor that consists of officers of the Ministry of Defense of the Republic of Belarus, which engages in credential harvesting and malware campaigns (see: 'Ghostwriter' Disinformation Campaign Targets NATO Allies).


"A quick web search will often turn up information about the charity and help guide you past the scams, but even then, it still pays to go directly to the charity's website rather than clicking on a link in a post or email. If the charity is legitimately raising money to help, there should be information on their website, along with instructions on how to donate securely," says security awareness advocate Erich Kron.

The FBI shared these security tips:

  • Be suspicious of online communications claiming to be individuals affected by the war and seeking immediate financial assistance.
  • If the communication asks that donations be sent to specific cryptocurrency addresses, be cautious and check if the addresses are legitimate and compare the alphanumeric characters to any known official addresses.
  • Do not communicate with or open texts, emails, attachment or links from unknown individuals posing as Ukrainian entities in need of humanitarian aid.
  • Don't send payments to unknown individuals or organizations asking for financial assistance.

"Emotions are a very powerful tool in the cybercriminal's toolbox, causing people to miss clues about scams when they would otherwise be obvious," Kron says. "For this reason, people should always be cautious when dealing with any email, text message, or even a phone call that elicits a strong emotional response."

About the Author

Prajeet Nair

Prajeet Nair

Assistant Editor, Global News Desk, ISMG

Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.