Taking advantage of European Internet users’ outpouring of solidarity with Ukrainians, some cybercriminals are launching fake appeals for donations on social networks, by SMS and by email.
Since the beginning of the Russian offensive, calls for donations for Ukraine have multiplied on social networks. But be careful, from Twitter, to Instagram, via TikTok or even Facebook, many of these requests turn out to be pure scams.
Cybercriminals are also taking advantage of the situation to launch phishing campaigns on the electronic boxes of companies and individuals, noted Cassie Leroux, director at Mailinblack, a French company specializing in the protection of messaging systems. “Currently, phishing attacks by hackers in emails asking for donations for Ukraine in bitcoin or other virtual currencies are said to amount worldwide to more than $37 million. These fraudulent emails are very well designed, displaying, for example, the flag of Ukraine, the signature of a known person representing an official body authorized to receive donations and often the logo of a humanitarian association. This multitude of plausible elements in these emails, if we are not careful, will make us fall into the trap of hackers ”.
Double identification limits scams
Compared to the cyberattacks perpetrated at the height of the Covid-19 health crisis, the wave of donation scams for Ukraine seems, for the moment, to be of less intensity in France. The main reason is that direct bank account hacking has become more difficult since the implementation of the second European directive on payment services, which requires Internet users to carry out double identification to make online purchases.
But criminals are likely to adapt their strategy accordingly, warns Jean-Jacques Latour, expertise manager of the site cybermalveillance.gouv.fr , whose mission is to provide assistance to victims of online scams. “ So far at the national level, we have yet to see a massive wave of these fraudulent donation cyberattacks. On the other hand, we anticipate that the phenomenon is likely to gain in intensity as the crisis progresses with attacks perpetrated by emails, SMS, but also on social networks. The service-public.fr website published an article on this subject at the start of the crisis, to list all the humanitarian organizations and identify the local authorities authorized to receive donations for Ukraine. And on the cybermalveillance.gouv.fr site, we publish a series of tips so that Internet users in France do not fall into the traps set by scammers. “.
Meta alert on false ads
On the social media side, these cyber donation scams for Ukraine mainly focus on Facebook. They often take the form of sponsored posts that appear on users’ newsfeeds. These fraudulent advertising inserts benefit, in addition, from a reward for each click of Internet users.
The links included in these banners redirect unwary donors to fake sites, in order to collect the donation money directly. The firm Meta, the new name of Facebook, has intensified its control measures to expunge from its platform, all false ads that would call for donations for Ukraine.