Cyber threat actors typically seek to capitalize on unfortunate events and high-tension situations, such as the Russia-Ukraine war, by deploying various scams and social engineering schemes. As awareness increases for conflicts and tragedies, the public may search for charities with the hope of providing donations to impacted individuals, businesses, and organizations.
NJ Homeland Security says it has observed multiple malspam and phishing campaigns attempting to be delivered to New Jersey state employees, with the intent to acquire funds or donated items, obtain personal or financial information, or deliver malware.
In the example to the left, this malspam campaign from a .SHOP top-level domain (TLD) requested support for the people of Ukraine via cryptocurrency donations—which appears similar to the reported authentic requests for cryptocurrency donations from Ukrainian government officials on their official Twitter account page. The above email, however, contains spelling errors and does not include a signature or sense of legitimacy. Other observed campaigns that attempt to capitalize on this theme include support for Ukraine, urgent updates, impacts on sectors, medical crisis, dollar for dollar match, and urgent aid and donations.
Additionally, open-source reporting indicates that threat actors are targeting unsuspecting users via phone calls, emails, text messages, social media posts, online forums, and banner ads. These communications may include fraudulent links or attachments that supposedly include information on how and where to donate or provide assistance. Some websites may claim to be legitimate organizations soliciting desperate pleas for help but do not state how the aid will be used. Scammers are also pretending to be Ukrainian nationals in desperate need of financial help.
Furthermore, Russian-based credential harvesting attacks increased dramatically since February 27, 2022 with targets that include US and European manufacturing, international shipping, and transportation sectors. These emails impersonate CEOs or internal employees sending urgent documents, or spoof Microsoft emails to convince unsuspecting victims to click on links to keep their account active.