Many people around the world want to help Ukrainians in need, and fraudsters are exploiting their generosity. Throughout the past week, Kaspersky researchers have observed intensifying scamming activities with numerous fake donation websites spreading on the web. Such scam activity diverts funds from legitimate organizations. Kaspersky reminds users to stay attentive and proactively check who they donate to.
Fake charity scams occur all year round and often take the form of a response to real disasters or emergencies. Sadly, the Ukrainian conflict is no different. Kaspersky researchers report numerous phishing pages impersonating donation and charity websites. Not only do fraudsters steal users’ money and credentials, but they also strip legitimate organizations from these donations.
Most of these pages lack any information about the fundraising organizers, donation recipients, or any other documents proving the legitimacy of their work. The only thing that users can do while visiting such pages is to donate. These websites do not report how the organization spends the funds – and that is one of the key signs that the unsuspecting users may end up losing their money to scammers.
An example of phishing page offering to donate money
Fraudsters make sure that users can transfer money easily and conveniently, including options for voluntary money transfers from their credit cards and cryptocurrency transactions.
An example of phishing page offering to donate bitcoin
They often use high-pressure tactics, such as stressing the urgency and using highly emotive language. In the mass spam mailings spotted by Kaspersky, fraudsters impersonated the victims of conflicts, pretending to seek financial help for their families. With banks shut down, the fraudsters begged for money transfers through Bitcoin and left Bitcoin wallet addresses.
Lastly, to make their fundraising seem more trustworthy, fraudsters began to exploit famous brands and celebrities because people are more likely to follow the good example of their idols and brands they trust.
An example of fake fundraising allegedly supported by Elon Musk
“The desire to help others is noble. Sadly, scammers try to exploit every opportunity to benefit themselves. Throughout the past week, we have seen fraudsters spreading numerous fake charity pages and stealing money and credentials from users willing to help. It is crucially important to make sure that your donation will be put to good use, so always check the legitimacy of the fundraising you are signing up to,” comments David Emm, principal security researcher at Kaspersky.
To stay protected from charity scams and donate safely, Kaspersky experts recommend:
- Check the charity’s website and credentials. Legitimate charities will be registered — you should cross-check an organization’s credentials in a known database to confirm they are genuine.
- Approach charity organizations directly to donate or offer support. To donate online, type in the charity website address rather than clicking on a link.
- If you are uncertain about the organizations you have checked, refer to well-known organizations that provide humanitarian support such as Red Cross.
- Remember that individuals who have been affected by the crisis are unlikely to contact you directly for money — especially strangers you don’t know. Be extra cautious of requests to send money.
- Stay vigilant. A fake website may look near identical to a genuine charity site, with the details of where to send donations being the only difference. Spelling or grammar mistakes often indicate fake pages.
- Be careful on social media. Social media is a useful way for charities to communicate with the public and solicit donations. But do not assume that a donation request on Facebook, Twitter, Instagram, or YouTube is legitimate simply because a friend liked or shared it. Take the time to research the group before donating.
