Fraudulent Ukraine Donation Scams – What to Watch Out For
The scenes from the ongoing Russian invasion of Ukraine have prompted many people in North America and Europe to donate to charities providing aid in the region. Unfortunately, scammers have quickly mobilized to take advantage of the situation with phishing webpages, forum posts, email links, and fraudulent websites enticing people to “help Ukraine.”
For network administrators and security practitioners, a well-meaning employee who makes an online donation from a company laptop or workstation can expose the organization to risk. Clicking on a fraudulent link, for example, can provide scammers with a password hash that could potentially lead to admin-level access to company computers. The malicious site may also load malware that could provide a foothold into your corporate environment. It’s therefore very important to encourage awareness and vigilance in your employees to help spot the tactics these fraudulent groups are using.
What to Look Out For
- Known fraudulent “Donate to Ukraine” domains:
We recommend blocking access to these domains from your network environment by either blackholing the domain via DNS filtering, blocking access via URL filtering on the corporate firewall, or adding these domains to the URL filtering protection in your email protection system.
- Charities requiring the donation in cryptocurrency. Admittedly, this is a grey area for a couple of reasons. First, some real charities accept donations in the form of cryptocurrency. Secondly, the government of Ukraine is actively seeking crypto donations in Bitcoin, Ethereum, and other forms, which may inadvertently lend credibility to such scams. Nevertheless, cryptocurrency is a favourite form of payment of fraud and ransomware groups, so to keep guidance simple, it’s best to avoid donating to organizations that require cryptocurrency.
- Unsolicited email requests for money and solicitations that pop up on social media are often used by scammers. While company secure email gateways filter out all fraudulent emails, home accounts accessed via work devices are a means by which they can slip through and expose the organization to risk. A good practice for all employees is to delete such emails and steer clear of social media pop-ups requesting financial aid.
- Appeals that play on urgency and insist that you need to send money right away are a common psychological tactic scammers use to disarm your critical faculties. Legitimate charities will gratefully accept contributions whether you donate to them today, tomorrow, or weeks from now.
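One way to apply the DNS blackholing recommended above is a response policy zone (RPZ) on the internal resolver. The script below is an added example, not part of the original post: it normalizes a domain feed and emits RPZ records that answer NXDOMAIN for each domain and its subdomains. The feed entries are constructed placeholders under reserved TLDs, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed sample feed (reserved .example / .invalid names), not real indicators.
SAMPLE_FEED = [
    "https://donate-ukraine-now.example/pay?id=1",  # full URL copied from an email
    "Help-Ukraine.invalid",                         # bare domain, mixed case
    "help-ukraine.invalid.",                        # duplicate with trailing dot
    "допомога.example",                             # IDN entry, stored as punycode
    "not a domain",                                 # junk line, must be rejected
]

LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def normalize(entry):
    """Return a lowercase ASCII hostname for a feed entry, or None if unusable."""
    text = entry.strip()
    if "://" not in text:
        text = "//" + text  # let urlsplit treat a bare domain as a network location
    try:
        host = urlsplit(text).hostname
    except ValueError:
        return None
    if not host:
        return None
    try:
        host = host.rstrip(".").encode("idna").decode("ascii").lower()
    except UnicodeError:
        return None
    labels = host.split(".")
    # Require at least two labels, valid label syntax, and a non-numeric TLD
    # (which also keeps IPv4 literals out of a name-based policy zone).
    if len(labels) < 2 or labels[-1].isdigit():
        return None
    if not all(LABEL.match(label) for label in labels):
        return None
    return host

def rpz_records(entries):
    """Build RPZ lines ("CNAME ." means NXDOMAIN) for each domain and its subdomains."""
    hosts = sorted({h for h in map(normalize, entries) if h})
    lines = []
    for host in hosts:
        lines.append(f"{host} CNAME .")
        lines.append(f"*.{host} CNAME .")
    return lines

if __name__ == "__main__":
    print("\n".join(rpz_records(SAMPLE_FEED)))
```

The output lines go below the SOA and NS records of the policy zone file; owner names are left relative so they resolve under the zone's origin.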
Before donating, it’s best to look up the organization online to confirm that it is legitimate. Charity Intelligence Canada is a good place to start, and the charity’s reputation can be further vetted by seeing if they meet the criteria of the Better Business Bureau’s 20 Standards for Charity Accountability.
Overall, be skeptical of any texts or emails seeking donations. Never click on any links provided in such emails. Instead, do some homework and seek out an appropriate charity yourself via trusted sources.