New ‘Help Ukraine’ scams have arrived


This week scammers began targeting unsuspecting users via phishing webpages, forum posts, and email links enticing users to “help Ukraine” by donating

The development follows Ukraine’s successful effort of raising over $37 million in crypto donations from all around the world amid the country’s ongoing invasion by Russian troops. 

What should I look out for?

Attackers are using a variety of means—from phishing emails that appear to originate from npr.org or the United Nations Office for the Coordination of Humanitarian (OCHA) domains, to posting forum posts claiming to be behind the “Help Ukraine” movement.

“Help Ukraine” phishing email pretending to come from npr.org


Ransomware intel provider MalwareHunterTeam also came across .org domains set up by scam artists looking to con prospective donors, as did others:


And Twitter is a buzz with warnings for counterfeit donation sites:

More fraudulent donation websites reported by @JCyberSec_ (Twitter)


What makes these scams particularly dangerous is their appeal to emotion that unwary recipients may not be able to resist, especially at a moment of need for Ukraine.

The fact that the government of Ukraine is actively seeking crypto donations in Bitcoin, Ethereum, and other forms of crypto from all over the world may inadvertently lend credibility to such scams.

The Takeaway

These attacks highlight just how ruthless and clever threat actors can be in adapting existing social engineering tactics to take advantage of world events.

How to prevent you and those in your company from becoming a victim? It all comes down to your Employee Cybersecurity Training Program (ECAT). It’s not enough simply to educate employees sporadically about common social engineering tactics. Remember, treat every email with healthy skepticism and be sure everyone is well trained on how to identify emails from scammers.

Stay safe out there

-A