Rise in phishing scams related to the Russian invasion of Ukraine

Researchers at email security firm Tessian have observed an upward trend in the number of suspicious emails being flagged related to Ukraine.

Email campaigns started to appear just one day after the initial invasion by Russia, with scammers taking advantage of the crisis by using impersonation techniques to dupe people into donating to fake organisations.

In fact, Tessian found that the number of new domains containing “Ukraine” registered in 2022 was up 210% from 2021, with an average of 315 new domains observed per day since February 2022. Over three-quarters of these domains (77%) were found to be suspicious.

Among the specific cases they examined, Tessian researchers found a new scam in which threat actors impersonate legitimate organisations like the Red Cross and direct users to send cryptocurrency payments via a fraudulent QR code.

One of these scam emails claims to be supporting the humanitarian aid effort in Ukraine and requests Bitcoin cryptocurrency donations. Legitimate website text and logos from the likes of UNICEF, Actalliance and the Australian Council for International Affairs (ACFID) are being fraudulently leveraged to make the phishing emails appear authentic.

One threat campaign purporting to be a legitimate humanitarian aid effort for Ukraine from the ACFID requests Bitcoin donations and allows victims to make the donation via a direct Bitcoin address or via a malicious QR code.

Additionally, Tessian uncovered an upward trend in the number of Ukraine-related emails flagged by its advanced phishing detection solution, Tessian Defender, with the biggest spike occurring in the first week of March. Spam campaigns started to appear only one day after the initial invasion by Russia.

Charles Brook, Threat Intelligence Researcher at Tessian, comments: “While there are certainly many legitimate organizations that do accept cryptocurrency donations, it’s important to be cautious of any email requesting donations – especially if it’s unsolicited. People need to be extremely cautious of any email purporting to aid or receive donations in an effort to support the humanitarian effort in Ukraine.

“Before engaging with any Ukrainian-themed email or website which you have not used before, always cross-verify its authenticity, check the email header, and even reach out to officially verified sources on Twitter to confirm its authenticity before taking any further action.”