Cyber-Criminals Exploit Ukraine Crisis to Scam Donors
Introduction
A recent study by managed detection and response provider, Expel, has revealed a disturbing trend of cyber-criminals posing as legitimate aid organizations to deceive people into donating money intended for the people of Ukraine.
Attack Vectors
According to Expel’s February Attack Vectors Threat Report, the company’s security operations center (SOC) identified multiple phishing emails leveraging the Ukraine invasion to target cryptocurrency. These malicious emails had subject lines like “Help save children in Ukraine” and “Ukraine Donations,” playing on the emotions of potential donors.
Impersonation Tactics
One of the tactics used by the threat actors was impersonating individuals like Dr. Aronov Maxim from Smile Children’s Hospital in Ukraine. The email claimed that the hospital had been destroyed due to the Russian invasion and requested donations to aid sick and wounded children. It further stated that traditional donation channels were inaccessible due to the conflict, urging recipients to donate cryptocurrency to a specified digital wallet.
Expert Advice
Jon Hencinski, director of global operations at Expel, condemned the exploitation of the Ukraine crisis for personal gain. He advised potential donors to verify the legitimacy of donation requests by double-checking public wallet addresses and transaction histories before making any contributions. Hencinski recommended using blockchain explorer sites like blockchain.com and Polkascan to review transaction histories and cautioned against donating to addresses with limited history or low balances.
Verifying Donations
To ensure donations reach the intended recipients, Hencinski suggested conducting a quick internet search of the public address provided. He highlighted the Ukraine government’s verified Twitter account, which shared three cryptocurrency wallet addresses – a Bitcoin wallet address, Ethereum wallet address, and Polkadot address – all with a significant number of transactions, indicating their legitimacy.
By staying vigilant and verifying donation requests, individuals can protect themselves from falling victim to scams and ensure their contributions make a meaningful impact in supporting those affected by the crisis in Ukraine.