Beware of charity scams exploiting war in Ukraine

Cyber Security

Looking to help people in Ukraine? Donate wisely – do your research first so you give without getting scammed

Times of crisis may bring out the best in you, but they also have a way of bringing out the worst in scammers. They, too, follow the headlines and will go into overdrive in their attempts to part people from their money. We’ve seen this time and again during the COVID-19 pandemic, and just a few days into it the war in Ukraine is no different.

If the crisis has you worried and you’re looking to support humanitarian work on the ground through a donation, make sure your money goes to the right cause.

ESET researchers have spotted a bevy of websites that solicit money under the guise of charitable purposes. They tend to riff on a similar theme, making emotional but nonetheless fake appeals for solidarity with the people of Ukraine or urging the public to help fund the country’s defense efforts.



The websites make very vague claims about how the ‘aid’ will be used. It should also be obvious – upon closer inspection, anyway – that none of them represents a legitimate organization.

Some domains to be wary of include:

  • help-for-ukraine[.]eu
  • tokenukraine[.]com
  • supportukraine[.]today
  • ukrainecharity[.]gives
  • ukrainesolidarity[.]org
  • ukraine-solidarity[.]com
  • saveukraine[.]today

Also, stay alert for emotional pleas for help that may land in your email. A Reddit user has shared one such fake tug at the heartstrings (see below). Other similar ploys that aim to get the victims to cough up some Bitcoin are floating around on Twitter and other social media. Generally speaking, in the age of common account takeovers and ongoing cyberattacks against Ukrainian targets, it may be difficult to verify ‘solely digital’ information. While social media sites often play a major role in getting the word out about a charitable cause in a time of crisis, they are also fertile ground for fraud.

Source: Reddit

How to avoid charity fraud

If you’re looking to pour out support through a donation, here’re a few tips for how to do it safely:

  • Check carefully before giving – you’re best off sticking to well-known organizations that have a history of work in the field and have some presence or partners in Ukraine.
  • Donate your money via the organization’s website or approach the charity directly for guidance.
  • Be wary of requests to wire money or send gift cards. Charities don’t normally request this kind of ‘donation’.
  • Avoid clicking on links or downloading attachments in unsolicited emails or social media messages, particularly from unknown sources and those that add to the sense of alarm. They may attempt to lure you into unwittingly downloading malware onto your device.
  • In fact, be wary of messages even from trusted sources unless you verify that the message is authentic. To do this, contact said source by other means than the one by which you received it, e.g., by phone if you got it by email, etc.
  • Be skeptical of social media posts that promote a charity unless you verify that the organization is legitimate. The friend recommending it may not have done their research and the number of likes for a social media post doesn’t say much about its legitimacy, either.
  • Don’t give in to undue pressure – fraudsters will attempt to use the urgency of the situation to rush you into donating.

Here’s a non-exhaustive list of major international organizations that provide emergency assistance in Ukraine:

As the crisis remains front-page news all over the world, scammers will continue to look for ways to exploit the misery of the people affected by the war for their own gain. Perhaps the worst thing is that falling for a charity scam doesn’t just affect you – it also means the intended recipients are losing out on the assistance, which makes this sort of fraud all the more deplorable.

Products You May Like

Articles You May Like

Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments
Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia
Palo Alto Networks Patches Critical Firewall Vulnerability
Microsoft Seizes 240 Websites to Disrupt Global Distribution of Phish Kits
Fake Donald Trump Assassination Story Used in Phishing Scam

Leave a Reply

Your email address will not be published. Required fields are marked *