Please fill in the form below to subscribe to our blog

Ukraine Charity Phishing Scams Are Hitting Employee Inboxes

March 11, 2022
Ukraine charity phishing scams represented by the Ukrainian flag waving against storm clouds

A Flurry of Ukraine Charity Phishing Scams Tug at People’s Heartstrings for Nefarious Purposes


In times of trouble, it’s heartwarming to see people band together to help other people who are suffering, a welcome reminder that there’s more good in this world than we may sometimes think. But for every group of people trying to make a difference by doing good deeds, there’s another group of people doing bad deeds, and the only thing they want to make a difference in is your wallet – and if they can perpetrate some profitable cybercrime at the same time, they won’t hesitate to capitalize on the opportunity, which has resulted in a host of fresh Ukraine charity phishing scams.  


"cyber attack" written in a grafitti style with the letters slightly blurred to indicate signal interference in black on a white background framed in yellow

Stop cyberattacks & save money: See why security awareness training is your best investment. DOWNLOAD NOW>>


Tragedies Spawn Phishing Scams 


It’s unfortunate that tragedies like Russia’s invasion of Ukraine can lead to upticks in cybercrime like phishing, but it is the sad truth. Scammers started working on fleecing sympathetic people right away, just like they do whenever there’s a crisis. Russian cybercriminals got right to work too. Phishing attacks from Russia-based sources have boomed, increasing eight-fold since their attack on Ukraine began. Suspected Russian threat actors also used a stolen legitimate Ukrainian military email address to phish EU personnel working on the scene in Ukraine. Bad actors know that tumultuous times are golden opportunities for social engineering with loads of victims ripe for the picking. With people already unsettled, the bad guys just have to push a little bit to put their victims where they want them.  

This was evident from the start of the COVID-19 pandemic, as COVID-19 themed phishing scams bombarded inboxes using fake COVID-19 tracking maps, spoofed government notices, bogus company policy updates and other scams to phish for credentials and spread malware like ransomware. Another major wave of scams hit with the Omicron variant, with email phishing abounding using even more ghoulish lues like spurious layoff or termination announcements, malicious exposure notices and even false information about funeral expense assistance.


Is it time to update your security awareness training policy – or create one? These 6 tips can help! DOWNLOAD NOW>>


Ukraine Charity Phishing Scams Are Popping Up Fast


Now the bad guys are back at it, and a Ukraine charity phishing scam is sure to be popping up in an inbox near you soon. Make no mistake – scams like these are just as much of a risk to businesses as they are to consumers. With the lines between work and personal devices becoming more invisible every day, chances are high that employees are using work devices for personal business like charitable donations. Plus, with millions around the world still working from home, cybercriminals will be quick to exploit the fact that remote workers are more susceptible to phishing than office workers.  Altogether, this is the perfect opportunity for cybercriminals to do a little phishing.


Please don’t let the fact that there are bad actors exploiting this tragedy put you off from helping the millions of Ukrainian victims of Russian aggression. The US Federal Trade Commission (FTC) has guidance available for spotting fake charities. Here are a few legitimate charities to consider. 

  • World Central Kitchen has been on the ground since the beginning, feeding people still under siege inside Ukraine as well as refugees at border crossings. Donate here>> 
  • Polish Humanitarian Action is providing baby supplies, hygiene products and food to refugees who have fled across the Polish border. Donate here>> 
  • Fight for Right is working to help evacuate people with disabilities and critical medical needs who have been unable to escape the conflict. Donate here>> 

Are your users ready to handle all of the risks they face daily? Make sure you’ve covered all the bases! GET A CHECKLIST>>


Fake Email & Website Phishing 


There are a host of scams in action doing some old-fashioned email phishing, clever spoofing and malware distribution that are risky for both individuals and businesses. Here are a few Ukraine charity phishing scams to be on the lookout for to avoid ending up on their hooks.

  • Approach emails asking for help for very specific population segments or causes, like orphaned children or homeless pets with extreme caution. While most are generic (everyone wants to help kittens and kids), some of these are tailored spear-phishing efforts. It’s not hard for bad actors to find out what their target is interested in from their social media accounts to up the chance that they’ll successfully snatch the recipient’s credentials. 
  • Of course, beware of malicious attachments purporting to share things like war photos, maps, and in one scam, information about US companies that are still doing business in Russia. Of course, the only thing these attachments have to offer is malware including ransomware.  
  • Be on the alert for sophisticated emails loaded with legitimate-looking formatting like the Ukrainian flag and fancy logos that are supposedly from humanitarian organizations including fake UNICEF and UNHCR abound.
  • Analysts warn of a scheme that uses a Microsoft sign-in theme. In the bogus email, users are warned that there have been unauthorized log in attempts on the recipient’s account, and the location of those attempts was listed as “Russia/Moscow”.  The user is urged to update their login info, giving the bad guys their credentials.  
  • Another Ukraine email phishing scam discovered in the wild targets organizations in the manufacturing sector for malware using a .zip attachment named “REQ Supplier Survey”. The attackers ask recipients to fill out a survey concerning their backup plans in response to the war in Ukraine. When the target proceeds to open the attached survey, the malicious payload is downloaded and deployed from a Discord link immediately. This attack aims to infect recipients with two well-known remote access Trojans – Agent Tesla and Remcos.  
  • Fake charity websites are popping up, too. MSN reported that researchers had discovered a handful of sites decked out in trappings like Ukraine’s colors and war or refugee images that solicit donations but are actually scams. Sites like these often host ransomware.  

Be the hero that defeats your company’s security threats to declare victory over cybercriminals! GET THE GUIDE>>


Cryptocurrency Phishing 


The Ukrainian government announced that it accepts BTC and ETH cryptocurrency donations to this official wallet address. So far, one analysis of blockchain transactions shows that the ETH wallet received over 18,524 transactions totaling over $9.7 million, while the BTC wallet shows more than 9,300 transactions with a value of $9.4 million. Scammers are definitely looking for their share using these ploys. 

  • Researchers unearthed a phishing email using a subject line on the theme of “sanctions against Russia” targeted employees at a European financial service provider. The campaign spoofs the login page of legitimate cryptocurrency exchange bitcoin.de, targeting login credentials and potentially stealing cryptocurrency. Multiple variants of the email were discovered, but all used social engineering around sanctions against Russia to hook the unwary.  
  • A particularly horrible email scam involves spoofing legitimate messages from the Ukraine Red Cross Society. The goal is to scam donors into cryptocurrency donations to a private wallet and in some versions, capture credentials
  • Innumerable bogus forum posts and social media appeals targeted at crypto enthusiasts promising that their donations will go directly to aid for Ukraine. Many contain malicious links that spread malware.  

The Guide to Reducing Insider Risk can help IT pros stop security incidents before they start! GET IT>>


Security Awareness Training Helps Employees Avoid Traps Like These 


When people know what to look for, they’re much less likely to get caught by phishing. Regular, engaging security awareness training improves phishing awareness by an estimated 40%. – and BullPhish ID is the perfect choice to get the job done. 

  • Plug-and-play phishing simulation kits make antiphishing training a breeze, and new kits are added to the library of options every month! 
  • Trainers can also customize a wide array of a phishing simulation components including attachments to run specialized campaigns around unique industry threats. 
  • Choose from a big library of security and compliance training videos including phishing-related topics like ransomware and credential phishing. 

Don’t wait until you’re dealing with the fallout of a Ukraine charity phishing scam – contact our experts for a demo today! BOOK A DEMO>> 


ransomware defense can be complicated by cryptocurrency risk

See how ransomware really works, who gets paid & what’s next in our tell-all Ransomware Exposed! DOWNLOAD IT>>



let us help secure you against passwords reuse with contact information and the ID Agent logo on grey.

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!

LEARN MORE>>


Is your password compromised? Find out in seconds!

USE OUR PASSWORD COMPROMISE CHECKER>>


Book your demo of Dark Web ID, BullPhish ID and Passly now!

SCHEDULE IT NOW>>