The Russian invasion of Ukraine on February 24th is causing a humanitarian and refugee crisis in Ukraine. Supporters of Ukraine from all around the world are rushing to the internet to offer any assistance they could to the Ukrainian people.

According to the Google search trends data, there is a huge number of search queries for terms such as "donate to Ukraine", "help Ukraine" and similar terms worldwide.

As Ukraine's official government accounts and charities made a call for help & started accepting donations using cryptocurrencies and Bank Transfers.

Cyber Criminals took notice of the opportunity and started impersonating the Ukrainian Government messages, charity websites, fundraisers to collect crypto for their personal gains.

It's neither the first-time cybercriminals have used a crisis to benefit, nor it will be the last. Benefitting from a humanitarian crisis shows how low cybercriminals are willing to go in order to make money.

In this blog, we take a look at different crypto scams, fake websites, social media campaigns run by cyber criminals to benefit the crisis in Ukraine.

Domain Registration Trend

Right after the 24th of February invasion, there was an increase in the registration of domains with Ukraine-related keywords and domains with "ukrain" as a substring.

The registrations peaked on March 1st and daily domain registrations are still at a much-higher count than before the invasion day.

As the Russian forces advance deeper into Ukraine and continue to cause an even colossal humanitarian crisis, threat actors will be looking to profit from people's sentiment and goodwill towards the situation, so we can expect this domain registration trend to continue.

Few of these domains are being registered for legitimate reasons such as showing solidarity, fundraising, and increasing awareness about the horrors of invasion.

But a vast majority of these domains are being registered to impersonate the charities, official government donation pages to scam people looking to help Ukraine by financial means.

Various Ongoing Scams

Donation Scam Websites

Criminals have been setting up new websites, and in some cases cloning the existing legitimate charity webpages in order to set up fake crypto donations to Ukraine websites.

Numerous scam pages screenshots are shown below. A few of these pages may resemble legitimate websites. Attackers clone legitimate websites and modify the payment information part with their own Bitcoin, Ethereum wallet addresses, to receive the funds.

Scam Emails

Email-based scams using the Ukrainian crisis as a lure have risen as well. Many users on Twitter have reported receiving Ukraine crisis-themed crypto donation spam emails.

Some spam emails pose as the Ministry of Foreign Affairs of Ukraine, a victim trapped in Ukraine, or as charity/fundraisers in order to receive cryptocurrency donations.

Twitter

Scammer profiles on Twitter and other social media platforms continue to promote fake BTC and ETH addresses as the official Ukrainian government donation address in the hopes of luring a few victims.

Some criminals even include pictures of victims, injured/dead women, and children in their posts in the hopes of guilt-tripping the audience into contributing money without realizing the profile or mentioned crypto address is not legitimate.

Instagram

Similar to Twitter, Scammers are actively creating fraudulent Instagram profiles disguised as legitimate charities to receive donations.

The number of accounts impersonating the Ukrainian Red Cross on Instagram was so high that the Ukrainian Red Cross had to start a warning Twitter thread about the fake accounts collecting money on their behalf using their name and emblem.

YouTube

In the early days of the invasion, there were numerous fake live streams on YouTube asking for donations on behalf of the Ukrainian government.

Subsequently, YouTube cracked down on such live streams and now such live streams are few and far between.

Donations Received

• As of writing this blog, the official government crypto wallets have received over 50 million dollars in donations.
• Many of the malicious websites, social media campaigns, live streams have also managed to scam many victims out of their hard-earned money using the donation scams.
• The bitcoin address shown in the YouTube live stream screenshot above managed to get over $1000 in donations. And the Ethereum address received over $2600 in donations.
• There are many small websites that were created after the invasion and the wallets listed on those profiles have received quite some money as well. Many of these websites are suspicious and verifying the genuineness of each website is challenging.

How to avoid such scams

1. Don't trust random social media accounts and random websites.
2. Always use the official donation address listed on official Ukrainian government websites or legitimate charity websites.
3. Don't trust screenshots and QR codes screenshots. They could be easily forged or altered.
4. Always verify that the social media account asking for a donation is the legitimate account for the said organization.

About Us

This blog is published by Bolster Research Labs. We are also creators of https://checkphish.ai –  a free URL scanner to detect phishing and scams sites in real-time.

If you are interested in advanced research and uncovering new scams or working with cutting-edge AI, come work with us at the Bolster Research Labs. Check out open positions here

Resources

• Official Ukrainian Government Donation Page
• Official Ukraine Government Twitter Handle
• Verified Ukraine Donations List

*** This is a Security Bloggers Network syndicated blog from Bolster Blog authored by Nikhil Panwar. Read the original post at: https://bolster.ai/blog/ukraine-crisis-crypto-donation-scams/