The scenes from the ongoing Russian invasion of Ukraine have prompted many people in North America and Europe to donate to charities providing aid in the region. Unfortunately, scammers have quickly mobilized to take advantage of the situation with phishing webpages, forum posts, email links, and fraudulent websites enticing people to “help Ukraine.” 

For network administrators and security practitioners, the exploitation of well-meaning employees who make an online donation from a company laptop or workstation exposes the organization to risk. Clicking on a fraudulent link, for example, can provide scammers with a password hash that could potentially lead to admin-level access to company computers. The malicious site may also load malware that could provide a foothold into your corporate environment.  It’s therefore very important to encourage awareness and vigilance in your employees to help spot the tactics these fraudulent groups are using.  

What to Look Out For 

1. Known fraudulent “Donate to Ukraine” domains:

• donateukraine.sbs
• savelifeinukraine.app-en.com
• shealterukraine.org
• ukraineglobalaid.com

We recommend blocking access to these domains from your network environment by either blackholing the domain via DNS filtering, blocking access via URL filtering on the corporate firewall, or adding these domains to the URL filtering protection in your email protection system.

2. Charities requiring the donation in cryptocurrency. Admittedly, this is a grey area for a couple of reasons. First, some real charities accept donations in the form of cryptocurrency. Secondly, the government of Ukraine is actively seeking crypto donations in Bitcoin, Ethereum, and other forms, which may inadvertently lend credibility to such scams. Nevertheless, cryptocurrency is a favourite form of payment of fraud and ransomware groups, so to keep guidance simple, it’s best to avoid donating to organizations that require cryptocurrency. 

3. Unsolicited email requests for money and solicitations that pop up on social media are often used by scammers to exploit. While company secure email gateways filter out all fraudulent emails, home accounts accessed via work devices are a means by which they can slip through and expose the organization to risk. A good practice for all employees to follow includes deleting emails and steering clear of social media pop ups requesting financial aid.

4. Appeals that play on urgency and insist that you need to send money right away is a common psychological tactic of scammers used to disarm your critical faculties. Legitimate charities will gratefully accept contributions whether you donate to them today, tomorrow, or weeks from now.  

Before donating, it’s best to look up the organization online to confirm that it is legitimate. Charity Intelligence Canada is a good place to start, and the charity’s reputation can be further vetted by seeing if they meet the criteria of the Better Business Bureau’s 20 Standards for Charity Accountability. 

Overall, be skeptical of any texts or emails seeking donations. Never click on any links provided in such emails. Instead, do some homework and seek out an appropriate charity yourself via trusted sources.