• Scammers are using the Ukraine crisis to trick people into giving money to fake causes, said security experts.
  • Some common scam methods include phishing emails and typosquatting, they said.
  • These are only the latest examples of scammers trying to cash in on major events.

Security experts have warned that scammers are taking advantage of the war in Ukraine to trick people into donating to fake causes.

"Scammers often try to take advantage of individuals or organizations that seek to help people in an emergency, and we've noticed a marked uptick in this sort of activity since the end of February," David Emm, the principal security researcher at cybersecurity firm Kaspersky, told Insider. 

The amount of money obtained this way could run into "millions of dollars" worldwide, he added.

"The desire to help others is noble, but sadly, scammers prey on people's kindness and exploit every opportunity to benefit themselves," said Emm.

According to threat intelligence data from Check Point Research, one of the most common scam methods is to seek donations through phishing. This process involves criminals masquerading as someone else to dupe victims into giving up sensitive information such as their credit card details.

On Tuesday, the UK's national fraud reporting agency Action Fraud tweeted that it had received 196 reports of fake emails sent by parties purporting to raise money for those affected by the Ukraine crisis. Some of the messages even gave the impression that they had been sent by Wladimir Klitschko, the retired Ukrainian boxing champion who has taken up arms against Russia.

In one example of a phishing email shared by Check Point Research, a sender known as "Ukraine Rescue" claims that the National Bank of Ukraine has opened a "special fundraising account" to support the country's army. "Help us defend our freedom and independence!" the email read before providing details to a bank account meant to receive donations.

An example of a phishing email used to cheat people looking to make donations in support of Ukraine. Foto: Check Point Research

"We see phishing pages collecting money for the victims of the Ukrainian refugee crisis in many languages targeting users all around the globe," Emm said. 

Another common scam involves typosquatting, a spokesperson for cybersecurity firm Human told Insider. This method targets users who incorrectly type a web address into their browser, which leads them to a website that looks like the intended destination but is run by a hacker.

"Well-meaning donors may accidentally mistype the URL of a valid charity focused on the situation in Ukraine, and instead, arrive on a webpage created through typosquatting," the spokesperson said. "So the donor may believe they've made a donation to a humanitarian organization but instead have given money directly to a cybercriminal."

Security experts have emphasized the importance of potential donors verifying the legitimacy of websites — for instance, by checking for spelling and grammar mistakes in emails — before giving any money, said Check Point Research.

The Ukraine-linked scams are the latest instances of cybercriminals cashing in on major events. 

During the early days of the COVID-19 pandemic, email scammers took advantage of people's fears of the virus by posing as health officials to trick them into handing over their personal data. 

"Fraudsters always monitor the agenda and adjust their scamming activities to target the latest high-profile news story," Emm said. 

Read the original article on Insider