People around the world are finding ways to help Ukrainians who are fleeing their homes after the Russian invasion. Polish parents are leaving strollers at the train station for incoming Ukrainian mothers. Nonprofits, such as Nova Ukraine, are raising funds for medical supplies, food, and cots with blankets. Others are getting creative by purchasing several nights at Airbnb’s so families and groups of people can have a safe place to stay.  

Unfortunately, malicious hackers are using this crisis as an opportunity to engage phishing emails that earn them a payday. Here are a couple of phishing attempts to watch out for:

Fake login from Moscow 

According to KnowBe4, there is a phishing email campaign, disguised as a notification, alerting you that someone is logging into your account with the IP address located in Moscow. The email provides a button allowing you to report the issue, which creates a pre-filled email to be sent to a different address. Once you click send, the attacker will respond to continue the interaction, hopefully reeling you in to retrieve company information they can sell later.  

To pull back the curtain, hackers are using fear to get you to respond, and then creating a direct conversation with you.  Scammers disguise themselves as trustworthy by letting you know about the fake login attempt. In reality they’re conning you into giving up data. 

Donate to children in Ukraine 

Another email scam to watch out for is one that originates from the spoof domain known as @president.gov.ua. The subject line will say, “Donate to Help the Children in Ukraine,” pulling at your heart strings for Ukrainian children who are in need. In the body of the email, there is a stretched out Ukrainian flag with a short message asking for donations. The campaign is “launched” by Act of Peace, a humanitarian organization, and they “accept” a variety of cryptocurrency, including Bitcoin, Ethereum, USDT, and NFT.  

Caught by Malwarebytes, they noticed the lack of misspellings, and the stretched out Ukrainian flag which created an unprofessional and unofficial look. Malwarebytes also noted the acceptance of NFTs, which is usually used for transactions of digital art, not donating for humanitarian purposes. As it turns out, Act of Peace is a legitimate organization based in Australia, however they do not have access to an email server to send donation emails. 

Hackers manipulate sympathy, increasing their credibility by name-dropping a relatable non-profit and cause, thereby twisting the truth ever so slightly to earn a profit off of another’s pain. Other organizations with a similar scheme setup include German Bitcoin and Ukraine Red Cross Society. Even though these are international organizations, corporate employees across the US have noticed phishing emails popping up in their spam folders and inboxes that are not legitimate. 

What if I still can’t tell the difference? 

If you or your employees are receiving phishing scams related to the Ukraine crisis and are having a hard time discerning whether it is legitimate, here is what you can do: 

• Research the charity, including the terms “complaints,” “review,” or “scam” in the search engine to prove its legitimacy. 
• After confirming, donate directly through the charity website (do not click through an email), so you know where your money is going. 
• If you’re still wary, call your local non-profit chapter of the Red Cross and ask them where to go to donate.  

Is Your Inbox A Crime Scene? 6 Ways to Evaluate Potential Phishing Scams

For all your other phishing and IT security needs 

We want to prepare you for any hacker attempt that might come across your email inbox. We have created several articles, as well as an eBook, that will prevent you from getting reeled into a cybercriminal trap. Click on the link below or contact us today for more information!