Charity scams target people's generosity amid Russia-Ukraine conflict

Cyber-security firm ESET detected scam websites making fake appeals for donations to help people affected by the Russia-Ukraine conflict or fund Ukraine's defence efforts. PHOTO: ESET

SINGAPORE - Beware of scams from "humanitarian aid organisations" seeking donations to help people affected by the Ukraine war, or requests from "businessmen" to help them relocate out of Ukraine.

The public should also guard against attacks involving spam e-mails laced with data-stealing malware, with one urging people to fill in surveys on their back-up plans for the crisis, and another asking victims if they want to hold off ordering goods until shipments and flights reopen.

The Cyber Security Agency of Singapore's (CSA) Singapore Computer Emergency Response Team (SingCert) said on Tuesday (March 8) that as the conflict between Russia and Ukraine intensifies, there has been a rise in the number of reports globally involving scammers taking advantage of the crisis to trick users into sending money, or to spread malware through phishing e-mails.

Cyber-security firm Bitdefender told The Straits Times that less than 1 per cent of the charity scam and malware spam attacks have reached Singapore.

In contrast, 25 per cent of the attacks from one charity scam targeted people in Britain while 23 per cent of the survey scams hit users in South Korea.

The CSA said that, for now, it has not received reports of any cyber-attack or scam activity in Singapore linked to the Russia-Ukraine conflict.

Even so, it will continue to monitor the situation and work with critical information infrastructure sectors - including banking and energy - to strengthen their cyber defences.

"As the situation is evolving rapidly, we would like to remind organisations and individuals to be extra vigilant during these times and practise good cyber hygiene, so that they do not fall prey to malicious cyber activity," added the CSA.

For now, Bitdefender has not been able to attribute the attacks to any specific threat group.

"We do not know whether or not these malicious attacks are a reaction of Russia against unfriendly countries," said Bitdefender senior researcher Alina Bizga.

She was referring to a list of countries and territories that Reuters reported have taken "unfriendly actions" against Russia, its companies and citizens, in the wake of economic sanctions over the conflict.

The countries listed include the United States, European Union member states, Britain, Japan, Canada, Norway, Singapore, South Korea, Switzerland and Ukraine.

But Bitdefender said major global events and crises are known to trigger malicious spam campaigns that exploit human emotion and people's desire to help.

Small-time cyber crooks, notorious threat groups and spammers are likely to participate in malicious attacks and scams during this time.

In a similar way, cyber-security firm ESET said it detected scams linked to the Covid-19 pandemic such as phishing e-mails impersonating health services.

For instance, ESET found a sixtyfold spike in malicious websites with domain names linked to the coronavirus at the beginning of the outbreak in the first quarter of 2020.

In one of the scams linked to the Russia-Ukraine conflict that SingCert highlighted, Bitdefender said the scammers masquerade as well-known humanitarian aid organisations to e-mail recipients asking for donations to help the Ukrainian army and millions of civilians and children caught in the crisis.

The impersonated organisations and donation projects include the United Nations Children's Fund, Act for Peace and Ukraine Crisis Relief Fund.

One scam campaign that originated from Internet Protocol (IP) addresses in China reached tens of thousands of e-mail inboxes on March 2, with the subject line: "Stand with the people of Ukraine. Now accepting cryptocurrency donations. Bitcoin, Ethereum and USDT."

Bitdefender highlighted scam e-mails seeking donations in cryptocurrencies to help people affected by the Russia-Ukraine conflict. PHOTO: BITDEFENDER

The scam targeted mostly people in Britain, the US, South Korea and Japan, as well as several other European countries.

It comes on the back of the Ukrainian government announcing recently that it accepts Bitcoin and Ethereum cryptocurrency donations, after Russia's invasion of Ukraine on Feb 24.

ESET said its researchers also recently spotted scammers using websites taking advantage of the crisis to solicit money under the guise of charity.

These aid-seeking websites make vague claims about how the funds will be put to use. But upon closer inspection, none of them represents a legitimate organisation.

Said Mr Adrian Miron, Bitdefender's anti-spam research manager: "So far, we've noticed that the attackers reacted very quickly to legitimate announcements of Ukraine and other organisations by mimicking the format of their messages."

Another scam Bitdefender warned of is a Ukrainian version of the Nigerian prince e-mail scam. The crook pretends to be a renowned businessman from Ukraine seeking help to transfer US$10 million (S$13.6 million) until he is able to relocate somewhere safe. The fraudster often specifies remuneration for the help.

Crooks appear to be sending most of such scam e-mails from Botswana, with some from Germany and France. The targets are mainly from Germany, with others from Turkey, the US and Ireland.

As for the two malware spam attacks exploiting the crisis, they carry malware that allows crooks to steal sensitive information such as log-in credentials and keystrokes, which record what the victim types.

These malware spam campaigns are deployed mainly from IP addresses in Europe and the US.

To guard against the attacks, SingCert urged the public to practise good cyber hygiene habits like checking links before clicking on them and verifying attachments before downloading them.

People should also look out for suspicious e-mails that seem urgent, as well as e-mails from unfamiliar senders who could have disguised themselves as legitimate people or reputable organisations.

And for e-mails asking for donations, check that they are indeed from the official organisations they claim to be before giving.
