Times of crisis may bring out the best in you, but they also have a way of bringing out the worst in scammers. They, too, follow the headlines and will go into overdrive in their attempts to part people from their money. We’ve seen this time and again during the COVID-19 pandemic, and just a few days into it the war in Ukraine is no different.
If the crisis has you worried and you’re looking to support humanitarian work on the ground through a donation, make sure your money goes to the right cause.
ESET researchers have spotted a bevy of websites that solicit money under the guise of charitable purposes. They tend to riff on a similar theme, making emotional but nonetheless fake appeals for solidarity with the people of Ukraine or urging the public to help fund the country’s defense efforts.
Samples Of Scam Websites
The websites make very vague claims about how the ‘aid’ will be used. It should also be obvious – upon closer inspection, anyway – that none of them represents a legitimate organization.
Some domains to be wary of include:
- help-for-ukraine[.]eu
- tokenukraine[.]com
- supportukraine[.]today
- ukrainecharity[.]gives
- ukrainesolidarity[.]org
- ukraine-solidarity[.]com
- saveukraine[.]today
Found a suspicious domain? Submit it to us for further analysis.
Also, stay alert for emotional pleas for help that may land in your email. A Reddit user has shared one such fake tug at the heartstrings (see below). Other similar ploys that aim to get the victims to cough up some Bitcoin are floating around on Twitter and other social media. Generally speaking, in the age of common account takeovers and ongoing cyberattacks against Ukrainian targets, it may be difficult to verify ‘solely digital’ information. While social media sites often play a major role in getting the word out about a charitable cause in a time of crisis, they are also fertile ground for fraud.
How to avoid charity fraud
If you’re looking to pour out support through a donation, here’re a few tips for how to do it safely:
- Check carefully before giving – you’re best off sticking to well-known organizations that have a history of work in the field and have some presence or partners in Ukraine.
- Donate your money via the organization’s website or approach the charity directly for guidance.
- Be wary of requests to wire money or send gift cards. Charities don’t normally request this kind of ‘donation’.
- Avoid clicking on links or downloading attachments in unsolicited emails or social media messages, particularly from unknown sources and those that add to the sense of alarm. They may attempt to lure you into unwittingly downloading malware onto your device.
- In fact, be wary of messages even from trusted sources unless you verify that the message is authentic. To do this, contact said source by other means than the one by which you received it, e.g., by phone if you got it by email, etc.
- Be skeptical of social media posts that promote a charity unless you verify that the organization is legitimate. The friend recommending it may not have done their research and the number of likes for a social media post doesn’t say much about its legitimacy, either.
- Don’t give in to undue pressure – fraudsters will attempt to use the urgency of the situation to rush you into donating.
Legitimate ways to support the efforts in Ukraine
Here’s a non-exhaustive list of major international organizations that provide emergency assistance in Ukraine:
- The International Committee of the Red Cross
- Save the Children
- Doctors Without Borders
- UNICEF
- See also Charity Navigator to look for other vetted charities.
As the crisis remains front-page news all over the world, scammers will continue to look for ways to exploit the misery of the people affected by the war for their own gain. Perhaps the worst thing is that falling for a charity scam doesn’t just affect you – it also means the intended recipients are losing out on the assistance, which makes this sort of fraud all the more deplorable.
You may also enjoy reading, Q4/21: Sees More DDoS Attacks Than Ever Before
Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for RiSec Weekly Cybersecurity Newsletter Today
Remember, CyberSecurity Starts With You!
- Globally, 30,000 websites are hacked daily.
- 64% of companies worldwide have experienced at least one form of a cyber attack.
- There were 20M breached records in March 2021.
- In 2020, ransomware cases grew by 150%.
- Email is responsible for around 94% of all malware.
- Every 39 seconds, there is a new attack somewhere on the web.
- An average of around 24,000 malicious mobile apps are blocked daily on the internet.
