Cybercriminals impersonate Ukraine aid organizations in crypto phishing scams

It never takes long for threat actors to jump on a bandwagon and the Ukraine conflict is the latest event to prompt a wave of cryptocurrency phishing emails.

A new report of February's attack vectors from managed detection and response company Expel shows attempts to impersonate legitimate aid organizations to exploit people's desire to support refugees and victims with donations.

A few of the phrases seen in phishing emails referencing Ukraine to target cryptocurrency, include: 'Help -- Bitcoin,' 'Payment from your account' and 'Help save children in Ukraine.' The report warns those looking to provide financial support to victims of the invasion of Ukraine should confirm the legitimacy of any donation-related communications before providing their financial information.

"It's horrible that bad actors are trying to take advantage of the crisis in Ukraine for personal gain," says Jon Hencinski, director, global operations at Expel. "We want people to be aware of these scams at play so those thinking of donating can verify their donations are going to a legitimate place to help those in need. If you're thinking about donating crypto, double-check the public wallet address and transaction history before hitting 'send'. You can review transaction history of a public wallet address using block chain explorer sites like and Polkascan."

Among other findings, the Log4j vulnerability continues to be exploited against public-facing systems. The AsyncRAT malware made up 15 percent of identified malware payloads from incidents detected and responded to in February 2022.

Aside from the Ukraine-related emails another phishing trend noted is threat actors using the ability to register an subdomain through Adobe Campaign to give their emails a sense of legitimacy.

You can find more detail in the full report over on theExpel website.

Image credit: aleximx /

Comments are closed.

© 1998-2023 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.