As Ukrainian forces continue their attempts to liberate Russian-seized territories, cybercriminals are taking advantage of the chaos and uncertainty to trick unsuspecting individuals out of money.
Fraudsters have attempted to cash in on the Russo-Ukrainian conflict since the invasion on Feb. 24. In the six months since, threat actors have steadily pumped out fraudulent and malicious emails targeting consumers and organizations alike.
Bitdefender Antispam Lab security experts have been monitoring the flux of spam emails using the crisis as a lure to defraud individuals.
During the entire month of August, spam telemetry shows that threat actors are relentlessly attempting to cash in on the humanitarian disaster.
According to Bitdefender Labs, the attacks seemingly originated from IP addresses in Brazil (36%), Japan (22%), the Netherlands (14%) and Venezuela (4%). The scam emails have reached recipients worldwide including South Korea (21%), the US (20%), Ireland (9%), Germany (5%), Romania (4%), the Czech Republic, Sweden, India and the UK (with 3% each), as well as Denmark, Japan, Greece, Australia and Switzerland (with 2% each).
Most of the messages are crypto-themed, asking individuals to donate to help the Ukrainian government.
Equipment for the front lines, brand impersonation and crypto cons
Fraudulent pleas for money are still going strong. Throughout August, Bitdefender Labs has observed an assortment of scam emails exploiting strong human emotions and the charitable spirit of individuals.
Taking advantage of people’s desire to help has been the most common play used by scammers, who ask for donations via thousands of crypto wallets.
Scammers are accepting your crypto ‘donations’ in everything from Litecoin to Bitcoin.
Two campaigns impersonating crypto exchange platform Switchere.com and a Kiev-based law firm were prevalent during mid-August.
In Switchere’s case, scammers copied an official blog post offering support to Ukraine, which has been live on the crypto exchange platform blog since March 3. This ‘Help Ukraine against Russian invasion with Switchere’ email, sent mainly from IP addresses in China and Brazil, ended up in inboxes of US and European recipients, including Germany, Finland, Ireland, the Netherlands, UK and Italy.
Nigerian Prince scams with a Ukrainian twist
In the last month, Bitdefender spam telemetry has tracked various advance-fee scam emails stating that you will inherit millions from a childless Ukrainian widow. Of course, if you accept the proposal, you’d only be paying for bogus transfer fees out of your pocket, ending up with nothing but bruised ego in return.
Your collaboration is also requested in this next ruse.
Another variation of an advance fee scams claims to be a ‘top secret’ financial affair including you, the next of kin to a dead Russian general who deposited 10 million euros in a London bank. The gist is that you will receive 30% of his fortune.
The latest attempts at defrauding internet users are nothing we haven’t seen before, and it seems that scammers are highly eager to take advantage of people’s desire to help (in the majority of cases). Unlike previous Ukraine charity scam campaigns, the attackers seem to have dropped the blue and yellow colors of the Ukrainian flag (for the most part).
While analysis of a small batch of cryptocurrency wallets has found no recent transactions from victims, it doesn’t mean that the cybercriminals are down on their luck. Although it may seem that spam recipients are no longer falling for poorly redacted donation requests, the lack of ‘donation funds’ could also be attributed to a temporary reprieve during the summer holiday.
Bitdefender security experts predict that spam campaigns exploiting the war in Ukraine will be prevalent for the rest of 2022, with subject lines and topics to be adapted in accordance to the latest developments in the war-torn country.
Please refer to our dedicated guide to recognizing and defending against fundraising scams for Ukraine and other threats you may encounter online.
Note: This article is based on information courtesy of Bitdefender Labs.