Fraudulent Ukraine Donation Scams – What to Watch Out For
The scenes from the ongoing Russian invasion of Ukraine have prompted many people in North America and Europe to donate to charities providing aid in the region. Unfortunately, scammers have quickly mobilized to take advantage of the situation with phishing webpages, forum posts, email links, and fraudulent websites enticing people to “help Ukraine.”
For network administrators and security practitioners, the exploitation of well-meaning employees who make an online donation from a company laptop or workstation exposes the organization to risk. Clicking on a fraudulent link, for example, can provide scammers with a password hash that could potentially lead to admin-level access to company computers. The malicious site may also load malware that could provide a foothold into your corporate environment. It’s therefore very important to encourage awareness and vigilance in your employees to help spot the tactics these fraudulent groups are using.
What to Look Out For
- Known fraudulent “Donate to Ukraine” domains:
We recommend blocking access to these domains from your network environment by either blackholing the domain via DNS filtering, blocking access via URL filtering on the corporate firewall, or adding these domains to the URL filtering protection in your email protection system.
- Charities requiring the donation in cryptocurrency. Admittedly, this is a grey area for a couple of reasons. First, some real charities accept donations in the form of cryptocurrency. Secondly, the government of Ukraine is actively seeking crypto donations in Bitcoin, Ethereum, and other forms, which may inadvertently lend credibility to such scams. Nevertheless, cryptocurrency is a favourite form of payment of fraud and ransomware groups, so to keep guidance simple, it’s best to avoid donating to organizations that require cryptocurrency.
- Unsolicited email requests for money and solicitations that pop up on social media are often used by scammers. While company secure email gateways filter out all fraudulent emails, home accounts accessed via work devices are a means by which they can slip through and expose the organization to risk. A good practice for all employees is to delete such emails and steer clear of social media pop-ups requesting financial aid.
- Appeals that play on urgency and insist that you need to send money right away are a common psychological tactic scammers use to disarm your critical faculties. Legitimate charities will gratefully accept contributions whether you donate to them today, tomorrow, or weeks from now.
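For the DNS blackholing and URL filtering recommended in the first item above, the following is an added example and not part of the original article. It turns a blocklist feed into BIND-style response policy zone (RPZ) records and applies the same parent-domain matching a URL filter would use. The feed entries are constructed placeholders, and the zone name `rpz.corp.example` and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed placeholder feed (not real indicators): bare, URL and defanged forms.
SAMPLE_FEED = """\
hxxps://donate-ukraine[.]example/give?id=1
Help-Ukraine-Now.example
www.donate-ukraine.example
not a domain
"""
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def normalize(entry):
    """Return the lower-case hostname in a feed entry or URL, else None."""
    text = entry.strip().replace("[.]", ".")
    if not text or text.startswith("#"):
        return None
    if "://" not in text:
        text = "//" + text  # make urlsplit treat it as a network location
    try:  # .hostname is already lower-cased by urlsplit
        host = (urlsplit(text).hostname or "").rstrip(".").encode("idna").decode("ascii")
    except ValueError:  # malformed brackets or an invalid IDNA label
        return None
    labels = host.split(".")
    if len(labels) < 2 or not all(LABEL.fullmatch(l) for l in labels):
        return None
    return host

def load_blocklist(feed):
    """Normalize a feed and drop hosts already covered by a listed parent."""
    hosts = {h for h in map(normalize, feed.splitlines()) if h}
    def covered(h):
        parts = h.split(".")
        return any(".".join(parts[i:]) in hosts for i in range(1, len(parts) - 1))
    return sorted(h for h in hosts if not covered(h))

def rpz_zone(hosts, origin="rpz.corp.example"):
    """Render RPZ records; 'CNAME .' makes the resolver answer NXDOMAIN."""
    lines = ["$TTL 300",
             f"@ IN SOA localhost. hostmaster.{origin}. (1 3600 600 86400 300)",
             "@ IN NS localhost."]
    for h in hosts:
        lines += [f"{h} CNAME .", f"*.{h} CNAME ."]  # the domain and its subdomains
    return "\n".join(lines) + "\n"

def is_blocked(url, hosts):
    """URL-filter check: is the URL's host a listed domain or under one?"""
    parts = (normalize(url) or "").split(".")
    return any(".".join(parts[i:]) in hosts for i in range(len(parts) - 1))
```

Matching on whole labels means a lookalike such as `donate-ukraine.example.org` is not caught by an entry for `donate-ukraine.example`, so each lookalike needs its own entry.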
Before donating, it’s best to look up the organization online to confirm that it is legitimate. Charity Intelligence Canada is a good place to start, and the charity’s reputation can be further vetted by seeing if they meet the criteria of the Better Business Bureau’s 20 Standards for Charity Accountability.
Overall, be skeptical of any texts or emails seeking donations. Never click on any links provided in such emails. Instead, do some homework and seek out an appropriate charity yourself via trusted sources.