Tech Matters: How to avoid war scams and donate safely
It should come as no surprise that cybercriminals are capitalizing on the fear and good will felt by the global community as they are bombarded by horrific reports coming out of Ukraine. The situation is ripe for scams. And indeed, security analysts report a variety of ploys to exploit the good intentions of those who want to send aid to Ukraine.
In a blog post, Romania-based security firm Bitdefender said, “As the war in Ukraine intensifies, researchers at Bitdefender Labs are picking up waves of fraudulent and malicious emails exploiting the humanitarian crisis and charitable spirit of recipients across the globe.” In response to the military crisis and increased cybercriminal activity, Bitdefender and the Romanian National Cyber Security Directorate (DNSC) are offering free cybersecurity protection for any Ukrainian citizen, company or institution, as long as necessary, the company said.
But what about the rest of the world? We all need to be more vigilant to avoid scams and malware in emails, on social media and websites. The first step is to familiarize yourself with scams that are already in circulation. While you may not encounter the exact scams described, you can look for similarities as you use the internet.
One campaign identified by Bitdefender at the beginning of the month involves an email to employees of manufacturing companies, asking them to complete a survey about their company’s possible responses to the war. Opening the survey attachment results in the download of malicious software that scoops up login credentials, keystrokes and clipboard data from their targets.
Lesson: Do not open email attachments, especially from an unknown source. During this time, I recommend sharing work documents through your company’s secure file sharing system; for all other email attachments, reach out to known senders to verify the attachment is legitimate.
Other email campaigns impersonate charity organizations and ask for your donations. Scammers are impersonating the Ukrainian government, international humanitarian agency Act for Peace, UNICEF, Ukraine Crisis Relief Fund and other projects with pleas for financial assistance to help the Ukrainian army and millions of civilians including children caught in the conflict. Bitdefender said these scams use the subject lines: Stand with the people of Ukraine. Now accepting cryptocurrency donations. Bitcoin, Ethereum and USDT; HELP UKRAINE stop the war; Donate to Ukraine, Help save a life: Please read; and Urgent! Help Children in Ukraine.
If an email such as any of these land in your inbox, delete it. If you want to donate to a charity organization providing relief to Ukrainians, go directly to the website by typing in the name of the charity. But visit only well-known, reputable organizations to avoid fake websites that want only to steal your payment information. If you want to learn more about legitimate charities in the U.S., visit the charitynavigator.org to vet the organizations you are considering. From their homepage, click on Ukrainian-Russia Crisis to see 29 national charities sorted by purpose and then individually rated thee or four stars based on financial efficiency and operational transparency. Ignore pleas from individuals and unknown groups wherever you run across them: in your inbox, on your Facebook account, by telephone, text or even on the street.
As for payment, while some legitimate charities do accept cryptocurrency, it’s best to avoid paying by Bitcoin or a similar currency. It is impossible to verify where your money is going or to track it once it’s sent because of the very nature of crypto wallets.
And one last scam for the fiscally-minded. Bitdefender has also identified a twist on the Nigerian Prince scam. The email, allegedly sent by a renowned businessman from Ukraine, seeks your assistance to transfer $10 million until he is able to relocate somewhere safe, the company said. While targets are not offered any money for their help, they are asked to help pay for transfer fees to move the money. The scam may end there, but if the victim has revealed a bank account in the process, those funds could be drained.
On a brighter note, companies and individuals have come up with some novel ways to get money to victims in Ukraine. For instance, people are booking Airbnb properties in Ukraine and emailing the host to say that of course, they will not be coming, but want to send money to help property owners. It’s a great way to get money directly into the hands of people in Ukraine. Airbnb has waived all transaction fees. Airbnb told NPR last week that on Wednesday and Thursday, more than 61,000 nights were booked in Ukraine from around the world — bookings that grossed nearly $2 million. Now that’s putting technology and good will to good use.
Leslie Meredith has been writing about technology for more than a decade. As a mom of four, value, usefulness and online safety take priority. Have a question? Email Leslie at email@example.com.