Cyber Criminals are Exploiting the Crisis in Ukraine

Cyber Criminals Are Using Scams To Exploit People’s Concerns

As is often the case, cybercriminals are swift opportunists who never let an opportunity go to waste. Unfortunately, the humanitarian crisis in Ukraine is no different for them.

In this blog, we’ll cover the prime ways attackers are targeting unsuspecting users and then look into some quick tips that can help you avoid these digital minefields.

The Different Mediums of Attack

Between malware, ransomware, and phishing sites designed to steal confidential data, cybercriminals are exploiting a variety of attack vectors. The most common denominator, however, remains to be cryptocurrency donations at this point.

Given that cryptocurrency transactions are anonymous, irreversible, and non-refundable, there is nothing surprising about attackers choosing this asset class to execute their nefarious schemes.

With the Ukrainian government officially accepting cryptocurrency donations, there has been a massive wave of contributions by kind hearted individuals from around the globe.

Unfortunately, the surging generosity of people has been met with an equally swift reaction by dishonest characters. They are duping unsuspecting donors through a variety of schemes, including but not limited to the following:

1. Phishing Websites

By copying the branding of legitimate and trusted organizations, attackers trick people into sending donations to a wallet that has nothing to do with the organization and is actually controlled by them.

They even include logos of globally-recognized brands like the BBC and New York Times to uplift their trust profile.

2. Social Media Impersonators

As social media platforms like Twitter, Instagram, and Facebook don’t have any restrictions on names and profile photos, it’s incredibly easy to create a pixel-perfect copy of a popular figure.

Whether we talk about organizations like UNICEF or influential individuals like Vitalik Buterin (creator of Ethereum), attackers are creating look-alike profiles to solicit donations from unsuspecting users.

Considering that the impersonator’s profile looks exactly like the real profile, many people don’t check the number of followers and donate to the presented wallet address.

As you can guess, this wallet is controlled by the attacker, with no relations or ties to the impersonated individual or the supposed non-profit organization. 

3. Fake Projects

This is another major issue as many cryptocurrency and NFT projects have popped up that claim to donate their proceeds to non-profit organizations in Ukraine. But there is little to no proof of the funds actually making it to the citizens suffering on the ground.

People are lured into these schemes because there is always the potential of the crypto token or NFT appreciating in value, which could potentially yield a profit while supposedly helping people facing the harsh realities of war.

Unfortunately, it is that second part where many dishonest creators skimp, if not outright run away with the funds.

Tips for Avoiding Scammers Online

To fight back against these scammers, we recommend the following:

• Encryption: If the website is not using the HTTPS protocol to encrypt all traffic, there’s a good chance it is not the official website. You will find a padlock icon in the address bar of your browser if the connection is secure.
• Discrepancies: Misspellings are one of the most common ways attackers dupe people into trusting a phishing website. The difference could be as minor as an extra alphabet in the website address.
• Writing Errors: Spelling, formatting, and styling errors are common among phishing sites and profiles. That is because these attackers are often sloppy and usually lack the skills to write flawless content.
• Social Media Checkmark: Most platforms verify their most influentials users and add a “tick” or some other symbol next to their profile name to prove its authenticity. You should always check for this before interacting with an account. Another tip is to manually confirm the number of followers they have. Most fake accounts won’t have more than a few hundred followers, if not a lot less.
• Adopt a Zero-Trust Policy: While this is a technical networking term, you can also apply it to all your personal interactions on the internet. It’s usually better not to trust anyone. This includes links, files, emails, and any other imaginable source of interaction. For instance, if you want to donate to UNICEF, you shouldn’t trust the link from your favorite influencer. Instead, it is recommended that you open it directly by typing it in the address bar.

People have lost millions of dollars to scammers capitalizing on the humanitarian crisis in Ukraine.

By knowing of the common threats and following some best practices, you can protect yourself and your organization while ensuring that your generosity reaches the people who deserve it.

For information on our security offerings, including Security Awareness Training, please contact us at ask@optistartech.com.